Yahoo Messenger ActiveX Vulnerability

All Yahoo Messenger users that have installed the IM client prior to November 2, 2006 are vulnerable to attacks that exploit a buffer overflow in an ActiveX control of the product. According to data released by Secunia, Yahoo! Messenger 5.x, Yahoo! Messenger 6.x, Yahoo! Messenger 7.x and Yahoo! Messenger 8.x are all vulnerable to attacks.

"Some impacts of a buffer overflow might include being involuntarily logged out of a Chat and/or Messenger session, the crash of an application such as Internet Explorer, and in some instances, the introduction of executable code. For this specific issue, these impacts could only be possible if an attacker is successful in prompting someone to view malicious HTML code, most likely executed by getting a person to visit their web page. To our knowledge, there have been no known executable code exploits related to this issue," revealed Yahoo.

Although the Sunnyvale-based Internet giant denies the existence of exploits, Secunia has rated the vulnerability as Highly Critical due to the fact that a successful exploit could permit remote code execution. "The vulnerability is caused due to an unspecified error in an ActiveX control and can be exploited to cause a buffer overflow. No further information is currently available. The vulnerability is reported in versions obtained prior to Nov 2, 2006," stated Secunia.

In this context, Yahoo is supplying an update to resolve the ActiveX buffer overflow vulnerability. All you have to do is to install the latest version of the instant messenger client.

MORE RELATED ARTICLES: Microsoft Increases MSN Hotmail Storage Space Upgrade to IE7 Optimized for Google MSN/Live Search Market Share Sinks MSN/Windows Live Search Drops 8% in Search Share All Eyes on Online Video Windows Live Projects Indefinitely Postponed MSN Is Unsafe MSN Premium Unveils Version 9.5 Get Cookin' with MSN IE7 Speaks Chinese and Hebrew