Yahoo! Messenger! in! security! flap!
Its buffer floweth over
Posted in Software & Security, 18th December 2006 14:57 GMT
Yahoo! Messenger users have been warned to update their IM software following the discovery of a serious security bug.
The vulnerability - which involves an unspecified buffer overflow bug in the IM client's YMailAttach ActiveX control - creates a potential means for hackers to take control of Windows (and only Windows) PCs.
Users running Yahoo! Messenger clients released before 2 November are advised to update to the latest version of the software via the Yahoo! download site here. Unless they apply the update, users of Yahoo! Messenger 5,6,7 and are all at risk from attack in cases where they are tricked into visiting maliciously constructed websites that take advantage of the vulnerability.
Both Yahoo! (here) and US CERT (here) have published advisories explaining the problem in greater depth. US CERT lists a number of workarounds, such as disabling the affected ActiveX control in IE, designed to guard against attack for those not yet ready to upgrade. ®