"High risk" flaws found in Yahoo Messenger

"High risk" flaws found in Yahoo Messenger

Summary: Researchers at eEye Digital Security has found several high-risk code execution holes in the Yahoo Messenger instant messaging program.

SHARE:
2

Researchers at eEye Digital Security has found several high-risk code execution holes in the Yahoo Messenger instant messaging program.

eEye has released a bare bones alert to warn Windows users of the remote code execution attack scenario.

Multiple flaws exist within Yahoo! Messenger which allow for remote execution of arbitrary code with minimal user interaction.

As per its disclosure policy, eEye is not releasing any additional details. The flaw, which affects Yahoo Messenger 8.x, has been reported and confirmed by Yahoo.

[UPDATE: June 7, 2007 @ 8:57 PM] Exploit code and technicals details are now public. If you use Yahoo Messenger, be sure to follow the mitigation guidance available.

Topic: Social Enterprise

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Yahoo Messenger Flaws

    About three months ago, I noticed that a few things were happening via Yahoo messenger.

    I am located here in China and consequently a lot of the advertisers are Chinese.

    I noticed that within one hour of logging into Messenger, I would suddenly have an error generated from messenger asking if I wanted to 'debug'.

    Regardless of my answer, I ended up with Firefox or IE starting up and displaying Chinese porn sites.

    I attempted to notify Yahoo of this but they never responded!?

    Guess I don't have a 'name' or credibility with them.

    Since then, I reinstated the resource hog Trillian which seemed to stop it while giving me access to my Yahoo using associates.

    I have been a faithful user of Yahoo and have had the same username since about 1995.

    I signed up for gmail today since this problem has gone virtually ignored for a few months AND none of their mail utilities seem to work with my mobile phone.

    It seems Yahoo has decided not to compete with Google on any level.

    Well, I for one can't wait for them to catch up.
    The Smoking Man
  • Flaws list

    Great list!!! You should consider putting it up on ListAfterList

    http://www.listafterlist.com/

    It is a great new Web site where YOU can find and create lists about anything and everything.
    prattosu@...