Yet another critical Yahoo Messenger flaw

Summary:Yahoo has confirmed -- and fixed -- another nasty code execution hole affecting users of its Yahoo Messenger chat client.

Yahoo has confirmed -- and fixed -- another nasty code execution hole affecting users of its Yahoo Messenger chat client.

The latest flaw comes one week after Yahoo was forced to upgrade the instant messaging tool to correct an unrelated security vulnerability.

A new advisory from Yahoo spells out the risk:

Some impacts of a buffer overflow might include involuntary log out of a Yahoo! Chat and/or Yahoo! Messenger session, the crash of an application such as Internet Explorer, and in some instances, the introduction of executable code. In this case, these problems could only happen if an attacker successfully lured the Yahoo! Messenger user to view malicious HTML code, most likely by getting a person to visit the attacker’s web page. To our knowledge, there have been no known malicious executable code exploits related to this issue.

iDefense Labs, the company credited with reporting the bug, has more details.

Topics: Social Enterprise

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.