|
|
| |
| Yahoo! Webcam Viewer Wrapper is an ActiveX control used by Webcam feature of Yahoo! Messenger and Yahoo! Chat also it can be installed from Internet as a stand-alone ActiveX control. This ActiveX control has a heap based overflow vulnerability. |
| |
Credit:
The information has been provided by Cesar Cerrudo.
|
| |
When a long value is set in Yahoo! Webcam Viewer Wrapper ActiveX control's "TargetName" property a stack and heap based buffer overflow occurs depending on the length of the string.
To reproduce the overflow just cut-and-paste the following:
------sample.htm-----------
< object id="yahoowebcam" classid="CLSID:E504EE6E-47C6-11D5-B8AB-00D0B78F3D48" >
</object>
< script>
yahoowebcam.TargetName="longstringhere";
</script>
---------------------------
As this ActiveX control is marked as safe, the above sample will run without being blocked in default Internet Explorer security configuration. This vulnerability can be exploited to run arbitrary code.
Workaround:
If you have installed the ActiveX from Internet as a stand-alone ActiveX control or you have used Yahoo! Chat then:
* Go to: %SystemRoot%\Downloaded Program Files\
* Right Click on: Yahoo! Webcam Viewer Wrapper
* Left Click: Remove
Patch:
By going to: http://messenger.yahoo.com/messenger/security/ Yahoo! Messenger will prompt to update upon sign-in.
|
|
|
|
|
|
|
|
