Messaging & Collaboration - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Messaging & Collaboration


Yahoo Messenger Flaw Being Exploited in the Wild



 By: Lisa Vaas
2007-06-11
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Messaging & Collaboration story.


Rate This Article:
Poor Best
Hackers are able to exploit a buffer-overflow vulnerability in Yahoo Messenger's Webcam ActiveX control, typically through Internet Explorer.

A high-risk Yahoo Messenger vulnerability is being exploited in the wild, jacking up the criticality of applying a fix to avoid system hijacking.

At issue is a buffer-overflow vulnerability in Yahoo Messengers Webcam ActiveX control. Attackers can exploit the issue to execute arbitrary code within the context of an application that uses the control—typically Internet Explorer, according to Symantecs DeepSight Alert Services.

eEye spotted proof-of-concept code last week and predicted that a malicious exploit would soon follow. Sure enough, DeepSight has spotted an active exploit in the wild at "at least one" site: n.88tw.net.

Resource Library:
The exploit is put to work when an attacker crafts a malicious site designed to take advantage of the vulnerability. The attacker then lures victims to the site by sending the exploit code via e-mail or hosting it in a remotely accessible location, for example.

When victims visit the page, arbitrary code runs in the context of their browser. If successful, the attacker then gains remote access to control the target system.

Affected versions range from Yahoo Messenger 5.5.0 on up to 8.0.0 and those versions in between. Yahoo Messenger 8.1 isnt affected. Users should immediately upgrade to the version Yahoo put out to fix the problem late last week: Version 8.1.0.401, posted at messenger.yahoo.com.

eEye Digital Security found the flaw last week; its original advisory is here.

In lieu of installing the patch, DeepSight suggests these workarounds and mitigations:

  • To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.
  • Deploy network intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.
  • To reduce the likelihood of successful attacks, never follow links provided by unknown or untrusted individuals.
  • Implement multiple redundant layers of security. Various memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may hinder an attackers ability to exploit this vulnerability to execute arbitrary code.
  • Review and adjust according to policy any default configuration settings. To mitigate the possibility of an exploit through HTML e-mail, configure e-mail clients to render messages in plain text. This mitigation may adversely affect some functionality of e-mail clients.
  • To prevent successful exploits, disable Active Scripting in Internet Explorer or set the kill bit on CLSID:9D39223E-AE8E-11D4-8FD3-00D0B7730277. For details on setting the kill bit for CLSIDs, consult Microsoft support document 240797.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.



  Reader Comments: Yahoo Messenger Flaw Being Exploited in the Wild
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Messaging & Collaboration Articles          >>> More By Lisa Vaas
 


x}ks۸qf89zڎ-9щmXJ|*-EBCR~ /=hɏLn-`h F?;;o~$rLșkmJvg9 D;;?&GP|kQPo2r}R  tӌ5q:! M>;|9|@vD%SjMaCkfFcWf2ʼn5m2 f E1;GI {6 #&֥ϊͻ#k[!tUN(oT|0tgL'þ=a> e%k4݋IG/(0;l[Gݑ[cXsIVHx)ɡæI!_CRp`iFW+׌<m\^\v2?vN|bPk5Mz"1h ؕ 3Fz W'Kyw''K|wH ݹOlDM Wh6w0+Nկ7#?o!nfdPp9L+pz/H ?{ǃ2 ᭋGcRdt,A2u'PZ,w fR'RCX*,>Ja͢4-I`ߖIf7[ )A4VtBmT7ohH2 f4 .ϭFp- @lo K>(H)5?&FyϚb.L22z)=u̗W/b`(AK/g ڊ5t*転(if1A0<^f&/_\D 3 p 3d{".ӰervZn֖͉*YX[u5jZl/~<ҲKwI|Iw᧳Nzǫ$ # EHYf7-vI0)긦ժ} ,𢲯*FX8ʍ85m!SGñA &s;,wvΆmNQ}51'4b}t>'჎(>h&ƋCoriBݘZH/0i V8;ou#uӹ=U45(h`GI l"&qsк`&AX@[3aP#[ѽ+:Fz?A6 =2/?>fCxwݐ2ai[[zESZ2{5k暭l0!/Ȁ2n(这,9؂ Yb>::]{~k2]v  c~>JeכA6ҧ [BSjj3Ä烄7@ƅ/Љk`{:߿:P[}?,Y\N'|r P[Qz{=cTfla8lX:Ŀuosj1cQ_(%UMPF[d"vd\6˰@eִ &;vm۽G z4ܓ(yR+r!) 'ֈQ8U1']g ĕQްvPk6&%wpH} [ܑ \wbSIB?MKRMm&Xk5E}c*OqVxxGC E .҈ Z3(DrIab H$ԫ5 H`mR@:kRUxC@^q~ WJ%$]'uX2H}j}tǜ}h32 y ΣY^JZ alhUUjVCfGs<(yO=b1xԀ1h_{{5(Όe6Z🥓^Qz=t5ܦ[PK.{>'=\VaQSF=4FX\eHЮ#cq_TҘwF(/9 ΔsNjZ`Z>5[Nᗬۉ{10v?\3j y58.w(p-4J3%NJt$ ҹD\W4UudԻe(bՈ=G:npJEWFڬ|6Œu l?`gW`p1\DAPBlܓ_􎯍-&oZc d6ōfπiΈdž2m} L m_ۯ `E'87D15ۍ~XC8ߊIUP3)æRQu@VI^Aұg /@C׳@.5f^u,σ24A̙5YVRFW}X`"-Yı Ebbbק8o,yJu8e3 S`e3*~g~hKJ]ad|?T\R=@V:M|ݤ1p N.u4w H҇rcO W-RV%%~Փ!vI#G"ZAX_dL59AKl!/`._S(c/hTMZ.)+ia/ ~ dwm!  PG c-Bwi| @ O+s44ڎbpDM? h)렙tS6eU:.izIRO“pӁ9tG&l~"ڊtģ'h2)dnQ==׵![^H?ws~̡n02A |$U˚V*jșe0F\0BR1|B$r ]N7._VZiva *s>PV|o =$Ԅ7wLaV*S7A!RD##I UI`w0DR*MgFssb~j.N+S@/I6 \S.:;ld~g]ItU=x@Jۧ>Y1Aq3љ^;t߽yzŻcq >|οHû=k4.[ltJj2i&A)hd]1~ܮ/co/ZvtavNQ啀^9 3u{.d};]x{ޑҽN z's5B DH䄬W!zO;fS k3d8)(xdqH=^p@ښ һlw.9`B4c-M'SA0u0eVxy~nUkq ~ ナ:`AQ1@+JFHvVfp="BtX 1ueE/b)#Q\(둞,9]8Qlw>#FE'~YVSX x4~K0Fgqkvc~:)}Cϧ9˝~H (Í7"lSOKԫ2L:1D&rޚSE[B {BAJ;TLA:߄q?IkvYغ[̘pA32%Ibϔ 5m$Mj3fkC@$Ÿ_:JIv(+Hl(dAjSӚmf .鞽ۺm|<:RpLC2à{: e!>RဏQFh 鳁Vˮu^c'`|x=Na.}LU9 ~\A=?r$}ݛ9V8:FHS p'#9ʼSsa( GW .k CveNأ&k{?ɄKԍ)A/sBk|9GR r0xf&4NlEwy'("sxQESre]O}0]vY H-Ѝ>z}h_&o})s'Iƚu haJojn6Şa6 ݣvV:}'i?v;޽q¾"CWq+:i)@Nl"$$EUՊZFr,WU3$eNFftZt@2M3}9JfyӼ4iɜAxl7B_7C\pb]CAcqU~(TR .aO"J骇v9c]MU,^RRMJ>^&k" h6vo"Y!0N ĦW=1_3~1OO=rcG]UA U h CzU`{ƅ=RH3@*yx\]w71&P)<A~F<v4)+xΛF}ia3⫆†~@F' FYX W+2?c#ޚU=>d &0-Ösop)]1G(QBqhT8b;&K* /UJ撚/,גrgL%>Jd^I?yTD ^\Uk{‚It|LJ2i,)dIcHHoiE.RMJJ<^&Rvodcx'p٠܅ jqs&IRee~LSUR|ql}<,heϺ6C&K> mj#NcRV)ݕ 5W9]#Ռ(K„hD9g{iS)XL Ԧ3a ?>m"W8($ipkaIW,TL'?sNo@%[ao,+@' !w4%dDͭ_Y`wU|n򤤪Z}> CkڳZ ə鮐[4P orEoRTR*9D<"$= 1'=jM)`g $A*< 0[߲t|$Ey NOx%Teӥ 3# HD'Ry9r$0 Jce6GB/< %偷m[;u L" tbIcgy3GBQJ (P Z{6D-*oE_5IJJ}S>5>_q# w w~w~w~w~}oE+M{qT0m Y5qVҥ6/gpS?9..`-Qa9bD'LK%@ ]wa2mjNus"*7$gswb)D'TZ}]wcaZw>f)qQcKkOs"A$H"aI5 o^] ( 54ln]%[9sqy̚~si'}P#֌q )\)ڮB:tLoa& Ld\F)q+OE,"ַC)ό+G!U=a*BgPŸNn4C`Pⱀ ë  .B|1x𢑭Qs]ɆsN:`uFue+㽂x:˳;\#?aG>ܼŎc~ E?mw B5 둨ޟƝ#rכKy~Hx wwww7w+RŲ:1%4@rǘ'g1o}B ! },IzD|7ksӚ_ ~0Z3tA]X;]#czHV4pHhCg=B{s7*/um 8‹0&,0>n/zB넿N@bc~!|3 ț{yHpNa EUso-tĎJtgxU!*{OG05וkhՐr+TmХB(?o^?^1"^qAG}h*|mGR|jZP~KU31ú嬟A(Ca7%"%vh0\OhC]>|J0_k,-${=5o`iQ67%$HCwVhl~cˬZz;IbƎ;U Q 7! 4B+lxы_vuF9 `]?o Kf d Ep:^Νn 0^찆_s ٩w,fER Z!ߤƀm_mB(NH^uσ dUokoȊ>,nRy,徯Gjr,Eۺ C؆_߳MZTˬk.EQ3 ƹ)j0X1g5 +x((mG7z $|p0sפ{ t:+k2_)P {erg闶QO}K9ȼ p@jpO׌f}T\bd= D?\<9Eq!t aLDg:XTl{#Ҹol`1tq*o,2<7=XDq)5#=F(Ǘ9<4tq'u4dz{fߍ~TPAfXt~ׇDY1K}#M*b m0B~ LuM|Ix#o ?.%Su,,1N|ɚy.ǝ膐SPőEG\y| . 1PSo\x?q*n'@ ɝ}o0K=~FyQw9Ƕz,cb5BXk@x{$3d _M ,¶։aDM ȡ-TWg`*׶/N|߁Dǹ` '0m+`1˩I#샒=%xٍC? ,Q(Dwo$q0?:- VFXz- wĄU9D NE7wEa%`<ĒI <^R_7Le \sf61%]Q>sjtVS՜R<^gYJ zvj= aE*B 'UNz ԣ:BM2WU"j%x7-5֠)|9}nZӚbfă ZOka`;Xḯkj=!vYC`)}+n-{sxb(fUj*+la8uz_=Ԙ|-*);,Ou%<-MU>1#} ?tkiLfƗQµkI*d SDcަE"#MZ~RQߡ,d;WVRer(KąACurS̚pރK\ɨG:gۍy`,5 g,bi+TJ M&?;g5(1 r|jX7zvɦA:`B|%~)+^` ׍ klϳ܉_hDnJ2\kV*^Dyj $Z$un,u{sȑ뛋uNc/,9)Zt/0̊|Ux[hhwQfg1q8莥сH5,k4(OsYu?d#jϊ5VrI,?z`,]jMh5Mfikxo< 4cPxcDU<11t#PγjNT]֏pY|XC3 L_]|ĭRN+S[ZS!_EH_t[6KfSL}i2o¨`*UI٫T~ ѻ/V# "6 ?Ki\}ay1p4*pgj9U KdL 2@: xE Aߟ/}i[pOr!wgII!5S"&5,ǰL#|- RС Ae{S{9KqE#/ P_%RT*t]\P"@H>Q|??~e OHB}s ц> dFé :la`t.t^ϼðq;]_@fV)pRt=:rtԨ)ʞ*|{#@u9,2usx\fJԎG$%Ѕ8h,-@"!9͉Kkc 7úޛZF #~aP8\  +z+uT'I]WP)q!xW`ǪZIWv'0x0nV? .4%WPRh 4 V cvFCdPr:\Sݹcgrһ$-rrǣeb흓i OZNAw/|veQȱkH7 r:X)` ѻFQg r!>wN;;IJ/NOs?@/P%/חR[9=(#֗NN1/?]N}w vmC9CL<~S?/?9A5r 33{3Y~`g9?<ˡ3ϳD='(SS~g909{s?09׃rˑ?=/rqCE@?9Ӈs߇s?_P>'(W3OO9r߫rڿʡ=>k]T(RhK "S^9,Orb%q(`hkcۛ]|LAo^0–,ٵ&"mqd d`6gG|םۈUv+ufp]_3)D$N~'I -sO=9$Id`m\90t\]ˡgY%>FW]$ A_$|NbhRxXU7gԹMa,Nd=:rCShx _ uCbloE52FXk[^̀ԛZd\7Ay| J}L.˻1*[ԟ"1HXY\Z8:Z5m$$&3@ gQlVxHBRw;oo뭻$ (\dz\g;unv vHǙ,!l%E a'_!?{ [D=$y1|o,Gwfgcւ_./gзc/K{KVo7(&\`1Fʫu\|i\*KxҍHIh/>~ElC`A_0^eKB$u@' ;؆S11|j;;1TeΝYaYѶy S~j](#o6x}°҂k̂[:γ@WCr 3қ!]c*i|? Ge Mt4C&s ܈}DI#_?Fq: /A.Sl 6[ !ˍ Jmˬ1s¹"UXHَR ,~:3/yΧ OWt:y@tzl놮Ecuݎ¼ȶJ{]Kl CamR>GK ]'[٧3й?-Rw/e[͌ߐ,{ QAbV@q삢UnD<@x5ƭn_c,J^Hs݁N5*Svrlǝlr n!%c#nMvbes~1(