August 16th, 2007

Beware of strange Yahoo Messenger webcam invites

Posted by Ryan Naraine @ 7:20 am

Categories: Botnets, Browsers, Data theft, Exploit code, Hackers, Passwords, Patch Watch, Pen testing, Responsible disclosure, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: McAfee Inc., Yahoo IM, Webcam, Yahoo! Inc., Ryan Naraine

Exploit code for a potentially serious vulnerability in Yahoo Messenger has been posted on the Internet, putting millions of computer users at risk of code execution attacks.

The flaw, confirmed in fully-patched versions of Yahoo Messenger, causes a heap overflow to be triggered when the target accepts a webcam invitation.

The exploit, published on a Chinese security forum, has been reproduced by researchers in McAfee’s labs. According to Dave Marcus, security research and communications manager in McAfee Avert Lab, Yahoo has been notified and is investigating.

In the absence of a patch, McAfee recommends the following:

• Do not accept webcam invites from untrusted sources.
• Block outgoing traffic on TCP port 5100.

“This one does require a lot of user-assisted action but a successful attack can cause full remote code execution,” Marcus said in an interview.

[UPDATE: August 16 @ 12:06 PM]  Yahoo spokeswoman Monica Ma e-mails:

Yahoo! takes security seriously and consistently employs measures to help protect our users.  Since learning of this issue, we have been actively working towards a resolution and expect to have a fix shortly.

ALSO SEE:

“High risk” flaws found in Yahoo Messenger

Exploits released for nasty Yahoo Webcam ActiveX flaws

Yahoo screws up flaw disclosure, helps exploit writer