Ravens PHP Scripts

Yahoo! Messenger YVerInfo.dll ActiveX Control Buffer Overflow
Date: Friday, August 31, 2007 @ 08:56:23 PDT
Topic: Security


SECUNIA ADVISORY ID: SA26579

VERIFY ADVISORY: http://secunia.com/advisories/26579/

CRITICAL: Highly critical

IMPACT: DoS, System access

WHERE: From remote

SOFTWARE: Yahoo! Messenger 8.x - http://secunia.com/product/12122/

DESCRIPTION: A vulnerability has been reported in Yahoo! Messenger, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a boundary error within the YVerInfo.dll ActiveX control and can be exploited to cause a buffer overflow, e.g. when a user is tricked into viewing a malicious web page. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in YVerInfo.dll versions prior to 2007.8.27.1 included in Yahoo! Messenger downloaded before 2007-08-29.

SOLUTION: Update to version 8.1.0.419. - http://messenger.yahoo.com/download.php

PROVIDED AND/OR DISCOVERED BY: The vendor credits iDefense Labs.

ORIGINAL ADVISORY: http://messenger.yahoo.com/security_update.php?id=082907
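
An added example, not part of the Secunia advisory: a triage helper that flags hosts whose YVerInfo.dll file version is prior to the fixed 2007.8.27.1 build, comparing the version fields numerically rather than as strings. It assumes the file versions have already been collected into an inventory; the hostnames and sample versions below are constructed.

```python
import re

# Fixed build of YVerInfo.dll named in the advisory; anything lower is affected.
FIXED_VERSION = (2007, 8, 27, 1)


def parse_file_version(text):
    """Turn a Windows file version string into a 4-tuple of ints.

    Accepts both "2007.8.27.1" and the "2007, 8, 27, 1" form that some
    version resources use. Returns None if the string is not a version.
    """
    parts = re.split(r"[.,]\s*", text.strip())
    if not 1 <= len(parts) <= 4:
        return None
    if not all(re.fullmatch(r"[0-9]+", p) for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))


def is_affected(version_text):
    """True if prior to the fixed build, False if not, None if unparseable."""
    version = parse_file_version(version_text)
    if version is None:
        return None
    return version < FIXED_VERSION


def triage(inventory):
    """Split (host, version) rows into affected, patched and unknown hosts."""
    result = {"affected": [], "patched": [], "unknown": []}
    for host, version_text in inventory:
        verdict = is_affected(version_text)
        key = "unknown" if verdict is None else ("affected" if verdict else "patched")
        result[key].append(host)
    return result


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("ws-001", "2007.8.27.1"),
    ("ws-002", "2007.8.9.1"),      # lower than the fix, yet sorts higher as a string
    ("ws-003", "2006, 12, 4, 1"),
    ("ws-004", "2007.10.1.1"),
    ("ws-005", "n/a"),             # version could not be read: review by hand
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" bucket should be treated as unverified rather than patched.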






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3058