YIM (Yahoo Instant Messenger) is one of the most popular instant messengers. A vulnerability in one of the DLLs shipped with the product allows a remote attacker to create a web page that executes arbitrary code on the computer of a user who visits it.
Credit:
The information has been provided by Tri Huynh.
Vulnerable systems:
* Yahoo Instant Messenger version 5.6.0.1347 and prior
YAUTO.DLL is an ActiveX/COM component that comes with Yahoo Instant Messenger. It is registered under the ProgID "YAuto.NSAuto.1". The component exposes a function named Open(String URL) that causes a buffer overflow when the URL argument is a long string. Because this is an ActiveX component, the vulnerability can be exploited simply by building a website that references the correct CLSID of the ActiveX control and calls the function directly. NOTE: this object has not been marked "SAFE" for scripting, so a warning pops up before the object is created (exploited).
Workaround:
As a workaround, delete the YAUTO.DLL file in your YIM directory.
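To confirm whether a host still exposes the component before or after applying the workaround, the following PowerShell audit (an added example, not part of the original advisory) resolves the ProgID named above to its CLSID through the registry, locates the registered DLL, and reports whether the control carries the standard safe-for-scripting or safe-for-initialization categories. The function name and output field names are illustrative; the CLSID is looked up at run time because the advisory does not list it.

```powershell
# Added example: audit a host for the YAuto.NSAuto.1 registration from the advisory.
$progId = 'YAuto.NSAuto.1'                      # ProgID given in the advisory
$root   = 'Registry::HKEY_CLASSES_ROOT'

# Standard COM component categories (well-known CATIDs, not specific to this product)
$catSafeScripting = '{7DD95801-9882-11CF-9FA9-00AA006C4A84}'
$catSafeInit      = '{7DD95802-9882-11CF-9FA9-00AA006C4A84}'

# Hypothetical helper: return the (default) value of a registry key, or $null.
function Get-RegDefaultValue([string]$Path) {
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue('') }
}

# The CLSID is resolved from the ProgID; the advisory does not state it.
$clsid = Get-RegDefaultValue "$root\$progId\CLSID"

if (-not $clsid) {
    Write-Output "$progId is not registered on this host."
}
else {
    # A 32-bit control on 64-bit Windows is registered under WOW6432Node.
    foreach ($view in 'CLSID', 'WOW6432Node\CLSID') {
        $base = "$root\$view\$clsid"
        if (-not (Test-Path -LiteralPath $base)) { continue }

        $dll = Get-RegDefaultValue "$base\InprocServer32"
        [pscustomobject]@{
            ProgId           = $progId
            RegistryView     = $view
            Clsid            = $clsid
            DllPath          = $dll
            # False here with a registration still present means the DLL
            # was removed (the workaround) but the COM entry remains.
            DllExists        = [bool]($dll -and (Test-Path -LiteralPath $dll))
            SafeForScripting = Test-Path -LiteralPath "$base\Implemented Categories\$catSafeScripting"
            SafeForInit      = Test-Path -LiteralPath "$base\Implemented Categories\$catSafeInit"
        }
    }
}
```

A control can also declare itself safe at run time through the IObjectSafety interface, which this registry check does not see.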
Vendor status:
Yahoo was contacted at enterprisesales@yahoo-inc.com but has not responded for a month.