Code execution hole in Yahoo Widgets

The gaping hole is confirmed in YDPCTL.dll version 2007.4.13.1 included in Yahoo! Widgets version 4.0.3 (build 178). Other versions may also be affected.
An alert from Yahoo explains the risks:
Some impacts of a buffer overflow might include the introduction of executable code and the crash of an application such as Internet Explorer. For this specific security issue, these impacts could only be possible if an attacker is successful in prompting someone to view malicious HTML code, most likely executed by getting a person to visit their web page.
...Yahoo! Widgets users who inadvertently view malicious HTML code on an attacker's website. If your computer has installed Yahoo! Widgets before June 20, 2007, you should install the update.