Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Webmaster / Yahoo News

Yahoo News

Yahoo Messenger Still Unpatched, Users at Risk!

A security flaw remains unpatched

By Bogdan Popa, Security and Search Engines Editor

18th of July 2007, 13:52 GMT

Adjust text size:


Yahoo Messenger chat window
Enlarge picture
The instant messaging created by the Sunnyvale company Yahoo is again vulnerable to attacks but this time, it is even more serious as the firm's engineers left the hole unpatched. Rajesh Sethumadhavan discovered a problem with the Yahoo Messenger address book handling because any malicious entry added to the application can crash the application in a matter of seconds. If you're in doubt
that you might have a dangerous address book entry, you can try the following trick: login into Yahoo Messenger, go the address tab in the application and place the mouse cursor over the items placed in the list.

If there is any malicious address book entry, the instant messenger should crash, without any chance to recover the information. Of course, the exploitation can be done extremely easy: send a dangerous address to the user and then trick him to place the mouse over the entry. According to the report, a successful exploitation of the flaw might allow the attacker to execute applications with the same privileges as the ones owned by the logged user.

This is not the first time when Yahoo Messenger is vulnerable to attacks but recently, the instant messengers were all affected by more or less critical flaws. Take the example of Trillian, an all-in-one instant messenger that allows the users to connect to multiple networks in the same time, including Jabber servers, Yahoo Messenger, MSN and AIM. The security companies discovered some security holes in Trillian that might harm users' computers and make them vulnerable in front of the attacks.

Some time ago, it was reported that Yahoo Messenger has become a dangerous program because the hackers are trying to launch phishing attacks using the chat application. Today, a new vulnerability that sustains the same idea is published on the Internet. What's the truth behind those reports? You choose.

TAGS:

 yahoo | messenger | security | flaw


Rating:
Good (3.0/5) 2 vote(s) so far    

Read by 927 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Yahoo Advertises on Yahoo Messenger

Do You Want Yahoo Messenger Into Your Mail?

Yahoo Launches Web-Based Yahoo Messenger

How to Get Messenger into Your Yahoo Mail Account!

Yahoo Messenger Goes Crazy! What Should We Do?

Yahoo Messenger, Yahoo Mail and Yahoo Search Go Offline!

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive