|
|
|
Yahoo Messenger Flaw Being Exploited in the Wild
By: Lisa Vaas
2007-06-11
Article Rating: / 0
There are 0 user comments on this Messaging & Collaboration story.
Hackers are able to exploit a buffer-overflow vulnerability in Yahoo Messenger's Webcam ActiveX control, typically through Internet Explorer.A high-risk Yahoo Messenger vulnerability is being exploited in the wild, jacking up the criticality of applying a fix to avoid system hijacking.
At issue is a buffer-overflow vulnerability in Yahoo Messengers Webcam ActiveX control. Attackers can exploit the issue to execute arbitrary code within the context of an application that uses the control—typically Internet Explorer, according to Symantecs DeepSight Alert Services.
eEye spotted proof-of-concept code last week and predicted that a malicious exploit would soon follow. Sure enough, DeepSight has spotted an active exploit in the wild at "at least one" site: n.88tw.net.
The exploit is put to work when an attacker crafts a malicious site designed to take advantage of the vulnerability. The attacker then lures victims to the site by sending the exploit code via e-mail or hosting it in a remotely accessible location, for example.
When victims visit the page, arbitrary code runs in the context of their browser. If successful, the attacker then gains remote access to control the target system.
Affected versions range from Yahoo Messenger 5.5.0 on up to 8.0.0 and those versions in between. Yahoo Messenger 8.1 isnt affected. Users should immediately upgrade to the version Yahoo put out to fix the problem late last week: Version 8.1.0.401, posted at messenger.yahoo.com.
eEye Digital Security found the flaw last week; its original advisory is here.
In lieu of installing the patch, DeepSight suggests these workarounds and mitigations:
- To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.
- Deploy network intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.
- To reduce the likelihood of successful attacks, never follow links provided by unknown or untrusted individuals.
- Implement multiple redundant layers of security. Various memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may hinder an attackers ability to exploit this vulnerability to execute arbitrary code.
- Review and adjust according to policy any default configuration settings. To mitigate the possibility of an exploit through HTML e-mail, configure e-mail clients to render messages in plain text. This mitigation may adversely affect some functionality of e-mail clients.
- To prevent successful exploits, disable Active Scripting in Internet Explorer or set the kill bit on CLSID:9D39223E-AE8E-11D4-8FD3-00D0B7730277. For details on setting the kill bit for CLSIDs, consult Microsoft support document 240797.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.
|
|
�������x}ks㶲*�Q3Co{)ْ:c[>f*-EB�c!)?=~bv�K�Zc�'cK�h4�F�w?I�9uur56%S�Eo]"I�~x�C(`Rϩ��IzN�ڶ?
�}�~mks�u�����z��>�;|�9|AL��T�adB$kwtL|ϨT�S_Fܨ�[�`&`1Z�lR!�j
�9i�?i='@I�Rb(�Ѻ�}(D�ߵ-m:
\'|w*Un�Sp{ca_ʞ�z5"h4"j��;^7�w23w:�bq:!l~�m�ڮ�U� ؓ�ۭ@5l�"�s9ȹ�׳]�07dc7l#205b )�V�,"&�3íе�:s���z08ryj5jfO-�=K;O=k��\w=j�P?bA2xư!$ny$DJH�n6�,uQj)BmMϳؖ�c~�H8C�EnU�![۾�t�s玹Of��e�$ENX*�o�~�cn�.Lj�X�vL<:�}YͼaF3l˸;4
@SKVUBX)ځ^r{{�ӽm˙Y8N_�ǯSjz睓� �`h5vdu]+h5�e=;yظ8SDt8�+to&37`J�LTRB`d"�A�1q�j�g`�rM7JQ߹pKX+hv��dꁑ�f1<˧0CF_8RCf9�->//.;6鷏N�/;cd̲1<�JEӀ��Z�vb�!?X�W5Uս%i?w=d/#t: +?;VV'ZU�lxiuHz>54�01\�]Z-$5�VM&�usDr,_�do_Og�;Be}#�7�ReQ
�o̱n>�@|ˤdx6M2T��ch^�ԩ#5ǯhVj5Vi?z�[PĿ� G/<@'�L[7�p3Z&9T2��3=M��H��=k
�3!RBʼ�ĿI�K
_VPJB�-)\D7h+�Ԍ�$ٛ�"Gn�;Cx��r!DKI��88�{���NR]�.iغ�\48��?֛esJ�Vt]�;1EяzZTp�x3n�O�]t{]t�0*>c]�g�",�Q�qsuTSt*Zl:��|�5Ճ"T���G'&-d`q86ayƔIG�?{?�����aO>�)5>�'4�}t>�$��ticšh4N@7&��h`C:}ҍ�&MЀ
wG|h��x:,,Abχ�&a`M?�F�m�|@�T�;�([??�� �
G`pn]�&��xk
�y0f+лCi`y1�&=��զ�@C ,z�z��C�
�wA��;k
6G~[>l0��s�z7�tN\IQ��-��y"= E�EK�y3@� $h�5�a��z�.���
�ŊI^KH�X-�Vpp�(6ݞ�H:u@-JEs㙰TL٣XB�Y�X/_��23CCɴa���X�9�{DM�f�T`B[ụDKa�k`F\rA+ŲMCA�ӀIQD�Z�Uj�5�YQ��C:ӡs#ϖ��߅#f{��+�UVj'#S�OoZ�rirX,y|5lD0(2n( 鿛R&a+\ڨ�aO#w�Asm0Ho��[�t��N��MH
&��Ea e�-�&VUmTHbyq�0b=��ѻ1rt\Xtf²�ה])OhMvp��"�fk�xF3�F�ԑeSPݷuIAʫ%E�f!lX.)�Ui��j"�yd\s˰e0S?؊ ܕV�����R�5sSwhlrMcJ�rEu�x.(J9�)` N� 2&|h�:|�#H�& ,w�\d����g0!O�P��\Q-W0.#_L��_LU1(TO�nQ�E^~~
V��K�Ŵ�谢��zԘ{}Q�ː
0gted��->��IR-��ʪZ��Js��s??2�:EƟQ�:9pG#~y~?90?_Sc`9gR�+J����Bgw%�eXY81f�-��1�0kE
�/ÊTU5+i
fB1&}�l��eA[X�~\U4Uud�¹�`��Qе�a=E��CڷV0!��H�*�7hІ{e�gjړVU;OP(�[Ђ#?mQ�Y�f0`9l*
?ŤD
�LkQsGŅ5��
{é�#f�uMa�Fž�JV-="�9KAG�^320"C�;�wF\!bVS_CO3ܷ�V}uP@�&�_t1�G�8*�z)Oc��ʜ�Eo(SYmq'&F.�,ex.N3 a;6}b;_&*|12S�G)�Z|b\)�.3�zz�`WPj�jz�L*>�ɧM�C� 7P�R[#^�$}=֢,�A���$UHU(V
�$�z�U;*h6Y+(#t�+^��ǽi
mE<�9[ �1�ʨXIV+�Gs;"ʊg�b|�r{q>'F{��l��j>cWՄθ�4;f{Xd;ʲ�"X�I7$#�ְ�S�#nƵj`.ӪV�$$: ���<{d��=૨8pL\'e�M=J6z7EM+v@l+J9wwG2M#g��D�)wji��eѓE�O.'�mJPp,g$
�,�$�%DB�s9ǃ۷BlpH75�SXp|
^?K�{e, ,"0�QZ��p̰Lc
V(YŵyAhhqLL�]|�ﴪ 1@ EE@�j�ߵ?%
?���/Ѝ ?s�c(m�'@Ϣ�c燫NO
�ۦ>Y>�2a^}�^ab> '·~A`�}fw;^j\00��_y>)��X|ptޒ:g�m~1�}�LoAIP
��4�#7= .ƸCO^D^4[�钿z�>;m���F+�!$;�rg�YC\|I}=^C|�sޖX�փ �� i>KBV��fax!wlv?8D@ISL'3U(�I[`deQnKl?e�RL锐'g.O��|Nhk'I^VR6T$��4%!44ALNbC]F+#7g�һhoNpV�H�po6_xvImK$��Ζˬ�(�̗4.נ�i8��V�#�vp~�t�`}QגZ4ҫoeW!9�
?&k��?�7nL�q;�f='Fs)�= �cm:;@�'wovV8}�'i?vݷ;i9nia[n�U�z�yB�J}~l't:�D(jy[a[{CȪ̅S{ۉ�G#S~`q8-<���&l�%3���k�^�x̠t4w���{�{!.u0.s�Tx:o~=ˤa�2]a{�*{�7w�o]VZ�tC.q�D��n&�d/.)%.OE u O�K =�Fݽ]wV5BĬh�w4�
2�UCn�?�u�k=Ǭu,Gi�ƿ_B�c#ZT^?�1�;l�T��ŷ�̈́3S7��p&/5;U�)ye�l�ƚ[�sLBI�pI7̼V�&Q~p*�wCOƥ�E/.q�Ĩ`bow�x7r`f[7!rxV>r=�~Q�]Pm6]rJu�õ/)&fQ�dz� v-qD�//Z�P�
R
I�\�l����Ion�GsM9.<7j�ß>*7TUђ?l@1�!K�/��F/g�#i+N]� r-L( k�h]F݃W#[f=Ohue"�.ǃV'Fo>�S8G�$d(,��Ss��]Ec6GDكҷqdYs�-D{�tu�t/e�2(3.�YMh�4qo���՜Ah�Ӕ׆� O)2D�xB���F?;ۊ29-&>֎+b?bL {*];n.b%H,xDޣdId+�M$e%Ɛ^Anr�&q^��m%T-8aY�&IƈH9ӄ\d'K9!ivyjTn�K�nF&��ȯw�/4���8?sqBiezLvDC��k}j<(>�n�7
^ ďg�̺6#&�>���= j=NZ)FJbw%
[�ćm5BEŴ�Ru0%�r^T8S�%)'sp6DNs�fce�&$ka�I5(�9�O[P �&9S�E�pS)'�%4hl
�w�oP&%UQ�^Ӟ�p_jQ]Q*RX_:%P(*���%�( n%N�@_�=*!A�C#^zI~+<�E9$#�KY%'+]�I,եcN5-UF1�<Ǡ��%\Ò#(Ay�l�
��[Tފ*RU|v}I�����~fKjiLJ�/t@ 3Ϻ�6OF}ml^�LSٔiJ4- =|��d5nl\uCNx6kB�;cn�-:`71W$ZT7A: AꊃR3�pc-;8,"`���X$E�)L�ْ*G!Wќ4&��Ru� k�Iy�cZ� ��I� �6B�QZ`Чw7d'lũm}^#R^Rv|\~�9Vѣ�\ī�� .M|1�ytQc]Ɇc.c�ݗ`Fu04tш2\$Y�ksnz)�TrZ�h�~�Ll�f6.{�M_ro��&`� l�j�V�X�VCEQ^zf0m-mYރ
]�6b5�>Ѳn|6s�0W/�%4�C2CbM$t86/O�gS&e<
m~ii$�=��9Kb9_"O~{sפ{�|:ބϠ 87e'
~03/A^K{�£��W��Ǘy�00Bw2О$/NMw�q�T\�bd=�
T�?^<>E�f!J��t@
aL7:XTl�{CcӸol`ڛ�8[7�~�I=eO)�
x�}�-�6#Ӫ=B(Ǘ��sXyhF!;Ouطz�f�4^X��PAgXt�<�",je�ͦ��l1a���:u&F[yiωD#?�KD)PG%�]YB~3�NpNxI)LE|/No��?��GM�r4�xI
U0@ 5^�o0{H~���FVV�]{N9-i?�Щr~;�P8K-�%8=겆&:�Ba[D0�-��Wg�*'Nt���]D
`�7%�0mg1ډ+A#샒�=�%h�%I? ,q(Dso�q0?Ñ:-;V��AXz-�D���D�NE07��vya7<`8(ĒI
����^Pl&qn/u=Ll�h*b4�B�-'*58&ƘKjx#VQjjE<=G/ {uZxeL<_AF�+3}&5fL6P;qU6'�a<::BM�EwHTBh��x�-F55�R`sܴܧ5̈��b�vӚ \�lzZC~J[7�^ɕ6�]4_q�=!o7ݝ�AfnVu&��C[wW#On@г٢
R�b,GkX>��MC���~6տ4,\�p:�\πTnUw=jh�D�ԤJd�i�]P)ρVPJj\=w(9
�.ؕժTjQ�ܣF +2!LcaP\j��;|z`{�'`z�Ekѽv=/=w�y��rmݳItgx�
kHу%O:}ҷQ�&txZڊ�BL�{�L��k�|r|P�3�z1߾Z덆ki�X:]L\b?v�^Rc"W�c,z:;��
��HuWkmR)9�?OSRmF���z_`�busι�ʒ�L�i�ͬ{[RJBYIva|�D�uv�WH �X�p,q]�:�IoF
Ki�~RBHuT{V�Q9\{6ވj
#U\R%.�.&ڰkW1儔6�JzN[Ļeŧq+ӘP'�!1�\�TbЍ�B1˪M;InP}wY?e=`
�'2u/x{v B
;=Hl~'�dM,[}�|U:�!i|%wҙn,ÝM1ϯ$>co»I }
'r�t�7�e\S[�:8��� ��Pm̼ϴ@GB�)}o��#b2z�ވ�n8�p"�X��Z
aI�m{7�R[�$yȐ?ZED���'%��q}nD~hvNywۗ=
dNs�2�{V`#ow:K
`0L)ã� 'l�I<�R+�iā��� [z˘0[:�?�ra):ᘭ#!+^�bΑ,[~mW�/{JM)`�#s~�C:���Z�B���F��2*mGM=/�nrn�-i`IkpO���J���s��IA!5�Q�"�&5,ǰlFLNH-�m:����c�Z|"�1^#&�3(�9Fp_~ <*�H-*�K�E�Q\V�P�*@H��>Q�|���?pk2�%�Tmn$|�s�^+&rdJ��Au�A"�\2,�G��we~tHM�(�>g�ٕa)XUK�ʷFy
|%BX*_iB�R.
��?$-GF쌆=xɾx�u0 }a3brOtzp���_q4eMz�{G~{N�ۧ+;jȑkfhw>��>r:X)`�ѻzIc r��!>EOG}=o�IJ/6O�O3?BnjP5�/ח�5S�](f#ח�vF��/?��g�!��NqY_i�VF9�3r^Q�ʿ/?��ake�,g�,�>,g@�A2�ygg�2zP9�O2�(?r�=�9ϐs�����_.?.2�x�2z^F{^F�
忮/�)>Cr}�}Π�_e�^e��U�%:Iʘ!g�\8=R��fr�~)A_d_�y*%qFy
3YY�~veX^dй\52Я!eߗ�w2~62Av.BX\jzr+g^e5�v+iAF۸/6�R^a/��^ؤrp�<̂\+�g�ل�@CX{#uO�'NW4C�\]M�b}+|UnE�+t"LէXE)9�8�Gc_%�[n3'u��U�QǒGЬ�g.Ñpۿ{剹?|�[a[�G$Q�=�PW.�v�)s�ɛr%>�|
SG0��nsOkr>ub��xvY^]Y�;X�;Yo�%P/YC�Isgev'σf��ţu.TVl<- �5Q3[� ÈC?�s
Hw?&�F�,+/�g�u> Ҿ�7rϒ/ hE/Qx�}J��,�k5��k`Q{e\sÄ�#6O
5U"yO|v�3.|H-��'$}���'r�>t��Y�FG`�B�O^uN[�sDLa\Dm�8J�(p�0>f@ZA�/`51B6�~]2�%{3�f@L�@q|1h_u�$b��V$1x_%05:�%�xb�Ӎ�AfWRn˩s
�o
-
?yU6�dn3]
7t�gG=ם�P]j+Qݎ;S�}�O�!��N�հe"f&'0�
�!=�x^�38�N"C�a
�e&�xDBl����K_0ȧ3cY3 p�5�9`&<9ϖ$|Ŷr.i�G?&l�Ek0�|Fs`+o94vB9gq�+.Ġ/2>gG4WB�Mx�XU7�ĹM&$rq�;at]&��bAoN[a��>$VSPsXOm:�Zd�\7�Ƌ�rd{Koq#+nv˧�D'7>��6كl2p~��!(_E+0��H�ˍt�_d%�\ d�<�lԷ�@FC0!6���i}.�KE�%&(Xp\GAΙiĿ�Q���.�9���Bu�z��Ϸ����<
v;�͇OV�e؋$|�
_�[0~�Y��+m˕bA,\B�7tl%Ng�sZ�%2_��H�ʶ�v*!}�X^c �0У,*0�9�5�E6<]܈xj[ݾX�g�
昻�k�OTxXݫlہR#nș-`�jk�7EmEtA<;=�k=���{��k����cCΜ6tU �
�ᘭ��=d_q�x�N|,�ؙ9uV�Ex�g)d̅2 !NZxyU~ҥ�N�.I,'_aQd+8*)�ؐ�r���m5'0X�1'(���R{Lf7}Ma�N*)As�a#Dl���[ApF7/\29LgѸ�{bb�V+KQlw6�k+�ȀH>Y�D�5R7LP�9Γz��0�~�
�_gˮ%tĵa=<üpa��#S�ѻ�&� �Ax���v�4%hw2b5�9=ʧ3N�~q��a\YB��C�^i{N�`!t<~!3L*`'Ng��vX�vQ��J=Vju?$+==;`7 r9F˳��G`b�hPfYWVI�G�Ŷ��b$-�U.ä�yaL셳Qbmئd�Ui2�9J{) q-˕4>�V0oǝF6Ȅ
��#n�v�bec�\O)��
|
Messaging & Collaboration 
