Beware of strange Yahoo Messenger webcam invites

Summary: Exploit code for a potentially serious vulnerability in Yahoo Messenger has been posted on the Internet, putting millions of computer users at risk of code execution attacks.

Exploit code for a potentially serious vulnerability in Yahoo Messenger has been posted on the Internet, putting millions of computer users at risk of code execution attacks.

The flaw, confirmed in fully-patched versions of Yahoo Messenger, is a heap overflow that is triggered when the target accepts a webcam invitation.

The exploit, published on a Chinese security forum, has been reproduced by researchers in McAfee's labs. According to Dave Marcus, security research and communications manager in McAfee Avert Lab, Yahoo has been notified and is investigating.

In the absence of a patch, McAfee recommends the following:

  • Do not accept webcam invites from untrusted sources.
  • Block outgoing traffic on TCP port 5100, the port Yahoo Messenger uses for webcam sessions.

"This one does require a lot of user-assisted action but a successful attack can cause full remote code execution," Marcus said in an interview.

[UPDATE: August 16 @ 12:06 PM]  Yahoo spokeswoman Monica Ma e-mails:

Yahoo! takes security seriously and consistently employs measures to help protect our users.  Since learning of this issue, we have been actively working towards a resolution and expect to have a fix shortly.

ALSO SEE:

"High risk" flaws found in Yahoo Messenger

Exploits released for nasty Yahoo Webcam ActiveX flaws

Yahoo screws up flaw disclosure, helps exploit writer

Topic: Social Enterprise

Talkback

1 comment
  • Webcam invites

    Anyone who has used messenger has certainly seen the invites coming from all sorts of untrusted sources, bots, etc. Just another reason to only accept those from people you have already established are legit.
    jimmccormick