Security makeover for Yahoo Messenger

Security makeover for Yahoo Messenger

Summary: Eight days after the release of exploit code for code execution holes in the Yahoo Messenger IM client, Yahoo has shipped a new version with patches for its Windows user base.

SHARE:

Security makeover for Yahoo MessengerEight days after the release of exploit code for code execution holes in the Yahoo Messenger IM client, Yahoo has shipped a new version with patches for its Windows user base.

The latest security makeover, which is being distributed via the software's auto-update mechanism, covers two separate vulnerabilities that can be triggered when an attacker tricks the target into accepting a webcam invitation.

[ SEE: Beware of strange Yahoo Messenger webcam invites ]

Yahoo confirmed in an alert that the flaws could open doors to remote code execution attacks.

Some impacts of a buffer overflow might include the introduction of executable code, being involuntarily logged out of a Chat and/or Instant Messaging session, and the crash of an application such as Yahoo! Messenger. For this specific security issue, these impacts could only be possible if an attacker is successful in prompting the Messenger user to accept a webcam invitation.

This is the second major security makeover for Yahoo Messenger this year.

Topics: Social Enterprise, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion