Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Security / Advisories

Advisories

After Google Toolbar, Yahoo Toolbar Bites the Dust too!

Yahoo! Toolbar YShortcut.dll ActiveX control remote buffer overflow vulnerability

By Bogdan Popa, Security and Search Engines Editor

21st of December 2007, 08:21 GMT

Adjust text size:


Yahoo Toolbar in action
Enlarge picture
Following the reports concerning a security flaw in Google Toolbar, a new vulnerability has been disclosed in Yahoo Toolbar, the browser add-on produced by the Sunnyvale company. The YShortcut.dll ActiveX control remote buffer overflow vulnerability affects only the 1.4.1 release of Yahoo Toolbar, but other versions
might be vulnerable as well, SecurityFocus wrote in an advisory published today. Since there's no exploitation reported yet, there's no solution available at this time, but we expect a patch to fix the flaw anytime soon.

"YShortcut is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input", SecurityFocus wrote in the notification published today. "An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions."

Yahoo Toolbar is a browser add-on available for both Internet Explorer and Mozilla Firefox users, and it is supposed to add several utilities to the famous web-browsers. For example, the Yahoo application comes with a pop-up blocker, a search box, a bookmark utility, a spyware removal and an in-built anti-spy technology. In addition, Yahoo Toolbar incorporates shortcuts for faster access to Yahoo's services including email, search and maps.

Yahoo Toolbar is pretty popular among the Internet consumers, as it recorded no less than 37,437 downloads on Softpedia for the Internet Explorer version. The Firefox flavor brought only 11,699 hits. Google Toolbar is even more popular, as it recorded 56,822 downloads, while the Firefox version attracted 8,188 users.

Just like the Google release, Yahoo Toolbar comes with several customization options, which allow the consumers to add new content and organize it through a simple interface. In addition, the IE version comes with tab navigation, which is a pretty useful function especially for the users of older versions of the browser.

TAGS:

 yahoo | toolbar | security | vulnerability


Rating:
Fair (2.6/5) 5 vote(s) so far    

Read by 679 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Yahoo Toolbar Tips

Yahoo Toolbar Updated

eBay and Yahoo Roll Out New Toolbar

Yahoo Toolbar Gets Hot Security Features

Yahoo Attacks Internet Explorer

Yahoo Gets DivX Quality

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive