On TV.com: TOP 10 Shows CANCELED Too Soon
BNET Business Network:
BNET
TechRepublic
ZDNet

June 6th, 2007

"High risk" flaws found in Yahoo Messenger

Posted by Ryan Naraine @ 6:51 am

Categories: Botnets, Browsers, Data theft, Exploit code, Firefox, Google, Hackers, Metasploit, Open source, Passwords, Patch Watch, Pen testing, Piracy, Responsible disclosure, Rootkits, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Yahoo IM, Yahoo! Inc., eEye Digital Security, Flaw, Ryan Naraine

In Focus » See more posts on: Yahoo

Researchers at eEye Digital Security has found several high-risk code execution holes in the Yahoo Messenger instant messaging program.

eEye has released a bare bones alert to warn Windows users of the remote code execution attack scenario.

Multiple flaws exist within Yahoo! Messenger which allow for remote execution of arbitrary code with minimal user interaction.

As per its disclosure policy, eEye is not releasing any additional details. The flaw, which affects Yahoo Messenger 8.x, has been reported and confirmed by Yahoo.

[UPDATE: June 7, 2007 @ 8:57 PM] Exploit code and technicals details are now public. If you use Yahoo Messenger, be sure to follow the mitigation guidance available.

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 2 Talkback(s)
Flaws list
Great list!!! You should consider putting it up on ListAfterList

http://www.listafterlist.com/

It is a great new Web site where YOU can find and create lists about anything and everything.... (Read the rest)
Posted by: prattosu@... Posted on: 06/07/07 You are currently: a Guest | | Terms of Use
Yahoo Messenger Flaws  The Smoking Man | 06/07/07
Flaws list  prattosu@... | 06/07/07

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Essential Topics Click Here

advertisement

Recent Entries

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

Meet Doc

  • Here to help you with your Document Management Needs
  • Doc is an enigma. Born to a Russian ballerina and a German electrical engineer, he grew up in various locations in the United States. He’s seen the insides of more brands, versions, and generations of printer and printer-related hardware than almost anyone.
  • To learn more about this mysterious figure check out his blog on ZDNet and his Workspace on TechRepublic. You’ll be glad you did.
  • Produced by
    ZDNet and