Code execution hole in Yahoo Widgets

Summary: A serious security flaw in an ActiveX control that ships with the Yahoo Widgets could put users at risk of PC takeover attacks.


The vulnerability, rated "highly critical" by Secunia, is caused by a boundary error in the YDPCTL.YDPControl.1 (YDPCTL.dll) ActiveX control when it handles the "GetComponentVersion()" method. Passing an overly long string (greater than 512 bytes) to the affected method triggers a stack-based buffer overflow, which can be exploited to execute code.
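To make the bug class concrete, here is an added illustration (not YDPCTL.dll's code; the function and constant names are hypothetical) of what a 512-byte stack buffer looks like with an unbounded copy, next to a hardened version that validates the length before anything is written. The unsafe function is shown only for contrast; the program exercises the hardened one.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical buffer size matching the 512-byte threshold the advisory cites. */
#define COMPONENT_NAME_MAX 512

/* Unsafe pattern: a caller-controlled string is copied into a fixed-size
 * stack buffer with no length check. Any input longer than the buffer
 * overwrites adjacent stack data (the saved frame, return address).
 * Kept only to contrast with the hardened version; never call it with
 * untrusted input. */
int unsafe_get_component_version(const char *component)
{
    char name[COMPONENT_NAME_MAX];
    strcpy(name, component);            /* unbounded copy: the defect */
    return (int)strlen(name);
}

/* Hardened pattern: confirm the input (including its terminating NUL) fits
 * before copying. memchr with the buffer size as the bound never reads past
 * the buffer's worth of input, so an oversized or unterminated string is
 * rejected instead of overflowing. Returns 0 on success, -1 on rejection. */
int safe_get_component_version(const char *component, char *out, size_t outlen)
{
    char name[COMPONENT_NAME_MAX];
    const char *nul;
    size_t n;

    if (component == NULL)
        return -1;
    nul = memchr(component, '\0', sizeof name);
    if (nul == NULL)                    /* no NUL within 512 bytes: too long */
        return -1;
    n = (size_t)(nul - component);      /* n <= 511, so n + 1 fits */
    memcpy(name, component, n + 1);

    /* Placeholder for the real lookup: echo the validated name back. */
    if (out != NULL && outlen > 0)
        snprintf(out, outlen, "%s: version unknown", name);
    return 0;
}

/* Test helper: build a string of `len` 'A' bytes (constructed input) and run
 * it through the hardened handler; returns that handler's result, or -2 if
 * the requested length exceeds the scratch buffer. */
int probe_length(size_t len)
{
    char buf[1024];
    char out[64];

    if (len >= sizeof buf)
        return -2;
    memset(buf, 'A', len);
    buf[len] = '\0';
    return safe_get_component_version(buf, out, sizeof out);
}

int main(void)
{
    printf("10 bytes   -> %d (accepted)\n", probe_length(10));
    printf("511 bytes  -> %d (accepted, last size that fits)\n", probe_length(511));
    printf("512 bytes  -> %d (rejected, no room for NUL)\n", probe_length(512));
    printf("600 bytes  -> %d (rejected)\n", probe_length(600));
    return 0;
}
```

The point of the comparison is that the hardened version fails closed: the boundary is checked against the destination's size before a single byte is written, so the "greater than 512 bytes" input the advisory describes is returned as an error rather than reaching the stack.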


The gaping hole is confirmed in YDPCTL.dll version 2007.4.13.1 included in Yahoo! Widgets version 4.0.3 (build 178). Other versions may also be affected.

An alert from Yahoo explains the risks:

Some impacts of a buffer overflow might include the introduction of executable code and the crash of an application such as Internet Explorer. For this specific security issue, these impacts could only be possible if an attacker is successful in prompting someone to view malicious HTML code, most likely executed by getting a person to visit their web page.

...Yahoo! Widgets users who inadvertently view malicious HTML code on an attacker's website. If your computer has installed Yahoo! Widgets before June 20, 2007, you should install the update.


About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
