July 27th, 2007

Code execution hole in Yahoo Widgets

Posted by Ryan Naraine @ 10:08 am

Categories: Botnets, Browsers, Data theft, Exploit code, Firefox, Google, Hackers, Microsoft, Open source, Passwords, Patch Watch, Pen testing, Responsible disclosure, Spam and Phishing, Spyware and Adware, Symantec, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Security, Yahoo! Inc., Ryan Naraine

A serious security flaw in an ActiveX control that ships with Yahoo Widgets could put users at risk of PC takeover attacks.

The vulnerability, rated “highly critical” by Secunia, is caused by a boundary error in the YDPCTL.YDPControl.1 (YDPCTL.dll) ActiveX control when it handles the “GetComponentVersion()” method. It can be exploited to cause a stack-based buffer overflow by passing an overly long string (greater than 512 bytes) to the affected method.


The gaping hole is confirmed in YDPCTL.dll version 2007.4.13.1 included in Yahoo! Widgets version 4.0.3 (build 178). Other versions may also be affected.
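To make the "boundary error" concrete, here is an added example (written for this page; it is not Yahoo's code and does not reproduce the real YDPCTL.dll) that shows the class of defect beside its hardened form. The buffer size of 512 bytes comes from the Secunia description; the function names, status codes and the version string the safe handler returns are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fixed-size stack buffer; the page states that input over 512 bytes overflows it. */
#define VERSION_BUF_SIZE 512

/* Status codes for the hardened handler (hypothetical names). */
enum ydp_status { YDP_OK = 0, YDP_ERR_NULL = 1, YDP_ERR_TOO_LONG = 2 };

/* The defect pattern: a caller-controlled string is copied into a fixed stack
   buffer with no length check. Kept only for comparison; never called here. */
void unchecked_copy(const char *component_name)
{
    char buf[VERSION_BUF_SIZE];
    strcpy(buf, component_name);  /* unbounded copy: longer input overwrites the stack */
    (void)buf;
}

/* Hardened handler: measure the input with a bound, reject anything that would
   not fit together with its terminating NUL, then copy with an explicit length. */
enum ydp_status safe_get_component_version(const char *component_name,
                                           char *out, size_t out_len)
{
    char buf[VERSION_BUF_SIZE];
    size_t n;

    if (component_name == NULL || out == NULL || out_len == 0)
        return YDP_ERR_NULL;

    /* strnlen never scans past VERSION_BUF_SIZE, so even an unterminated input is safe. */
    n = strnlen(component_name, VERSION_BUF_SIZE);
    if (n >= VERSION_BUF_SIZE)
        return YDP_ERR_TOO_LONG;   /* 512 or more bytes: no room for the NUL */

    memcpy(buf, component_name, n);
    buf[n] = '\0';

    /* Constructed result: a real control would look the component up; this just
       echoes the name with the DLL version quoted on the page. */
    snprintf(out, out_len, "%s:2007.4.13.1", buf);
    return YDP_OK;
}

/* Helper for checking behaviour at a chosen input length: builds a string of
   'A' characters of that length and passes it to the hardened handler. */
enum ydp_status probe_with_length(size_t len)
{
    char out[VERSION_BUF_SIZE + 32];
    char *input = malloc(len + 1);
    enum ydp_status st;

    if (input == NULL)
        return YDP_ERR_NULL;
    memset(input, 'A', len);
    input[len] = '\0';
    st = safe_get_component_version(input, out, sizeof out);
    free(input);
    return st;
}

int main(void)
{
    char out[VERSION_BUF_SIZE + 32];
    printf("short name -> %d (%s)\n",
           safe_get_component_version("widget-core", out, sizeof out), out);
    printf("511 bytes  -> %d\n", probe_with_length(511));
    printf("600 bytes  -> %d\n", probe_with_length(600));
    return 0;
}
```

The boundary to check is the one the copy has to respect: 511 bytes plus a NUL is the most the 512-byte buffer can hold, so anything of length 512 or more is refused before any copy happens. The same check belongs on every method parameter that lands in a fixed buffer, not only on the one reported.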

An alert from Yahoo explains the risks:

Some impacts of a buffer overflow might include the introduction of executable code and the crash of an application such as Internet Explorer. For this specific security issue, these impacts could only be possible if an attacker is successful in prompting someone to view malicious HTML code, most likely executed by getting a person to visit their web page.

…Yahoo! Widgets users who inadvertently view malicious HTML code on an attacker’s website. If your computer has installed Yahoo! Widgets before June 20, 2007, you should install the update.

ALSO SEE:

Yahoo screws up flaw disclosure, helps exploit writer

‘High risk’ flaws in Yahoo Messenger

Exploits released for nasty Yahoo Webcam ActiveX flaws

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
