Search Perform an advanced search query SOFTPEDIA
 
SOFTPEDIA
Updated one minute ago
HomeSubmit a program for being reviewedAdvertise on our websiteGet help on surfing our websitesSend us your feedbackGet information about our XML/RSS backend and how to use itBrowse the news archiveVisit our discussion forumVizitati forumul in limba romana



KLIP
  1. HOME
  2. SCIENCE
  3. TECHNOLOGY
  4. WEBMASTER
  5. SECURITY
  6. MICROSOFT
  7. LINUX
  8. APPLE
  9. GAMES
  10. TELECOMS
  11. REVIEWS
  12. LIFE & STYLE
  13. EDITORIALS
  14. INTERVIEWS
  15. RSS
Welcome!
Hello, Guest

Login if you have a Softpedia.com account.

Otherwise, register for one.

YAHOO NEWS

Yahoo Widgets Fan? You Shouldn't Be!

- At least for a limited period of time in which the tool is not secure

By: Bogdan Popa, Security and Search Engines Editor

Yahoo Widgets is an attractive platform powered by the Sunnyvale company that provides tiny and eye-candy utilities able to bring some simple functions straight on your desktop. The product is quite popular and, because you might be one of the users, you must know that Yahoo Widgets must be updated as soon as possible to keep your computer secure. Why, you'll ask?
Because the owner Yahoo discovered a highly critical security flaw that can allow an attacker to obtain unauthorized access to the system. Security company Secunia said the 4.0.3 build 178 version of the program is surely affected by the flaw but older releases might be also vulnerable to attacks.

"The vulnerability is caused due to a boundary error within the YDPCTL.YDPControl.1 (YDPCTL.dll) ActiveX control when handling the "GetComponentVersion()" method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string (greater than 512 bytes) to the affected method," Secunia wrote about the security flaw.

"Some impacts of a buffer overflow might include the introduction of executable code and the crash of an application such as Internet Explorer. For this specific security issue, these impacts could only be possible if an attacker is successful in prompting someone to view malicious HTML code, most likely executed by getting a person to visit their web page," Yahoo also described the flaw.

According to the Sunnyvale company, only the Windows version is affected by the flaw so, if you're a Mac user, you can still safely use the application.

At this time, the parent company Yahoo encourages users to download the latest versions of Widgets by displaying a notification when running the program, informing them about the availability of a new version. If you want to download the latest release of the Yahoo Widgets platform, you can take it straight from Softpedia.

MORE RELATED ARTICLES: The Revolutionary Yahoo Widgets 4.0 Available for Download! Yahoo Updates Widgets Engine Did You Notice Google's Dashboard Widgets? Welcome to Widgets World Yahoo Goes Mobile without A Browser Yahoo Sidebar: How Useful Would It Be?
 
Comments | Link here | Subscribe
Print | Send to friend
Today's News | Yesterday's News

Search:

TAGS: yahoo widgets security flaw

27th July 2007, 10:36 GMT | Copyright (c) 2007 Softpedia | Contact:
Read by 616 user(s) | Rating: | 6 vote(s) so far | Cast your vote:
Yahoo Widgets Fan? You Shouldn't Be! - USER OPINIONS




We are sorry, there are no opinions available for this article.


SHARE YOUR OPINION ABOUT Yahoo Widgets Fan? You Shouldn't Be!

Since you are not logged on, your comments will have to be approved before being displayed.
Click here to login, or register.
Your Name:
Your Email:
Type in the result:
Your Opinion:
 


DO YOU WANT TO CONTACT US?  

If you have some comments or you want to send us some information you can send us an email directly to .
You can use the form below for the same purpose.
Your full name: (at least 3 characters)
Your email address: (at least 5 characters)
Message subject: (at least 5 characters)
Message text:
(at least 10 characters)
Type in the result:
 
 
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and Softpedia™ logo are registered trademarks of SoftNews NET SRL.
Copyright Information | Privacy Policy | Terms of Use | Contact Softpedia | Update your software | Archive