Yet another critical Yahoo Messenger flaw

Yet another critical Yahoo Messenger flaw

Summary: Yahoo has confirmed -- and fixed -- another nasty code execution hole affecting users of its Yahoo Messenger chat client.

SHARE:
2

Yahoo has confirmed -- and fixed -- another nasty code execution hole affecting users of its Yahoo Messenger chat client.

The latest flaw comes one week after Yahoo was forced to upgrade the instant messaging tool to correct an unrelated security vulnerability.

A new advisory from Yahoo spells out the risk:

Some impacts of a buffer overflow might include involuntary log out of a Yahoo! Chat and/or Yahoo! Messenger session, the crash of an application such as Internet Explorer, and in some instances, the introduction of executable code. In this case, these problems could only happen if an attacker successfully lured the Yahoo! Messenger user to view malicious HTML code, most likely by getting a person to visit the attacker’s web page. To our knowledge, there have been no known malicious executable code exploits related to this issue.

iDefense Labs, the company credited with reporting the bug, has more details.

Topic: Social Enterprise

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Patch already issued

    I usually check YM once a week or so to see if there are updates - and there was one issued a day or so ago, so it looks like YM users are "safe" -- for now.

    Lou
    docqualizer
  • You wanna know, really KNOW, how to avoid these flaws?

    It is simple.

    Dont use Yahoo Messenger. Don't use Google messenger. Don't use AIM and DeadAIM. Don't use ICQ, and Windows Messenger, or any other "Messaging" program.

    Use fooking email or a telephone for cryin out loud.
    XweAponX