Yahoo! Messenger! in! security! flap!
Its buffer floweth over
Posted in Software & Security, 18th December 2006 14:57 GMT
Yahoo! Messenger users have been warned to update their IM software following the discovery of a serious security bug.
The vulnerability - which involves an unspecified buffer overflow bug in the IM client's YMailAttach ActiveX control - creates a potential means for hackers to take control of Windows (and only Windows) PCs.
Users running Yahoo! Messenger clients released before 2 November are advised to update to the latest version of the software via the Yahoo! download site here. Unless they apply the update, users of Yahoo! Messenger 5,6,7 and are all at risk from attack in cases where they are tricked into visiting maliciously constructed websites that take advantage of the vulnerability.
Both Yahoo! (here) and US CERT (here) have published advisories explaining the problem in greater depth. US CERT lists a number of workarounds, such as disabling the affected ActiveX control in IE, designed to guard against attack for those not yet ready to upgrade. ®