Rhino
08-30-2007, 02:22 PM
TITLE:
Yahoo! Messenger YVerInfo.dll ActiveX Control Buffer Overflow
SECUNIA ADVISORY ID:
SA26579
VERIFY ADVISORY:
http://secunia.com/advisories/26579/
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
From remote
SOFTWARE:
Yahoo! Messenger 8.x
http://secunia.com/product/12122/
DESCRIPTION:
A vulnerability has been reported in Yahoo! Messenger, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the YVerInfo.dll ActiveX control and can be exploited to cause a buffer overflow e.g. when a user is tricked into viewing a malicious web page.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in YVerInfo.dll versions prior to 2007.8.27.1 included in Yahoo! Messenger downloaded before 2007-08-29.
SOLUTION:
Update to version 8.1.0.419.
http://messenger.yahoo.com/download.php
PROVIDED AND/OR DISCOVERED BY:
The vendor credits iDefense Labs.
ORIGINAL ADVISORY:
http://messenger.yahoo.com/security_update.php?id=082907