|
|
|
Yahoo Posts Exploit Fix for Messenger Flaws
By: Lisa Vaas
2007-06-08
Article Rating: / 0
There are 0 user comments on this Messaging & Collaboration story.
The exploit code can take advantage of boundary errors in two ActiveX controls in Yahoo Messenger's Webcam Upload and Webcam Viewer to hijack customer systems.Exploit code is out for critical Yahoo Messenger flaws found by eEye Digital Security earlier this week. (eEyes original security advisory is here.)
Both of the flaws, which allow for system hijacking, are boundary errors in two ActiveX controls in Yahoo Messengers Webcam Upload and Webcam Viewer.
Security researchers say that they expect attacks using the flaws to arrive soon. That makes prompt patching critical.
Yahoo has an update available, Version 8.1.0.401, to fix the vulnerability, posted at messenger.yahoo.com. The company provided this statement on the issue:
"The Yahoo Messenger team recently learned of a buffer overflow security issue in an ActiveX control. Upon learning of this issue, we began working towards a resolution and implemented a fix to Yahoo Messengers software download. We are encouraging all Yahoo Messenger users to download the latest version (8.1.0.401) available at messenger.yahoo.com."
Yahoo also plans to introduce a new version of its IM client over the "next several weeks" which users will be prompted to download upon signing into the service.
The innocuous proof of concept code merely run Windows calculator, but the code poster—whose handle is "Danny"—says its "trivial" to change the shellcode. (Proof of concept code, or PoC, is often used as a synonym for a zero-day exploit that doesnt fully exploit a new vulnerability but provides code that shows how an exploit could be done). The exploit code is posted here on Neohapsis Archives.
"Great results! very relible, runs calc.exe, replace with shellcode of your choice!!!" Danny wrote.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.
|
|
�������x}ks㶲*�Q3皢HY/{)ٖ:cY>f*-EB�c!)ۚ�˭����_zВ��n&-@�n4���Iȹ�=&�ǘYN�cSݣ&w$5vv~]
i�zN)�#C3W�rD廚�f�w2v=S;^��> \?g#w��D!x�_'Щ�ѩ�dB$wtL|OT�S_ƾQ/?6G
�Lbh�qF٤XC#�: rWü%~0h='@I�R�CѺ�8�P(�ս'c! [t���9v 7*EN�8Spycf_0�~!U5E�hD#|x\�{軇d3#L�=Vya/
w-m~@�M-G ,ؓ�ۭ@5l�v�y!rs�#�gߎ�z$3d9c';���{ �-�,v2M*5f;б�2�9�z
uur<�r@J�53Ҧ�4I܅N؎M�En�ڏ�U[۾�t�jsfq@ff��r�d�9ac�M �
��@2xZ`:v�xtTa_�dY33�ML&o@֭CU)jjP8,V˵~~/Lp|˴g&Neם�w^(+Z(:e���u7�Z}��m)E�Ci�_u{>~nk�r m��|'k�ɿ;0QT�&*)rx8M2�A�>j�jg`Q��%տpKmVT�Z, T�$0L"�J�1~̢(�2Qu?-~k~:EY6f0R*C�A/]鬘FȏNժ}qҽ�9i}n�z
_GtH
��Wh: NZ[��lxiuHZz>54�0���Z-$%�᧓qeL�u}Lr,_�eB~=w !}O}�fr"GrI/�o,{`eQ
�5F`X@7�? iP2ML9�X@/@ש#W4j5�+t�U&T3o`��2��4��fm=w��a4z�AL4�&:h�)5?�&1gMa�b&DJH7�Q�{mRU.��(AM/�
�5|*T($ٛ�"Gn�;�z�W��"ʥ��c�p1SUҽTwsQ��[�\48�>]7+De.,
s5-wfx�a_w9qj?]NH{Nk~h�Nj�g�",�$��ꨤVʵt�?X�%PPS
UL �F�̶-a[e)u�5߽?�����aM6u��lZ�jx�>:ACA�4icŦwh4@'&�h`C}ҍ:L�`;Nh>[W kp�X"@�@�7w
�)mT.mT^ΆΧޱ�yд��"s=#�-`cg@>`3��ǟG�RlC28c"P�+mne�@I*UE]13R�%\�T�2.Q��&�ZbOF.#�NWɅcًͧ�ҢwZ^Sv?Q6OZ- �V!0� |T30`Lji�WJH�ZS^Cٰ\*��%,<<+ڂ��h0@ ��~H�Lb�Р����\�@�E.�b�r>+
eT07�@A�S��
Ւ.ZE^~v�V��K i?`E�"'>ڣ�s!�a*/73g Z|�ۏ�jZ,V+19ɡ�T9W*
qVX%ZAg~~Ļ8
�i�ߥ: 9pF#~y6��w'~~�L4�,~)�қAk�>sn��μ��+�;0E�<&��{H��eX*`�}JZY�>V:6ʼnG �q?@�TEetXܘ 0��(E{h0�qD��L��ҀJ
5^�ƙd))*ݝ'(R~-h;?9
�`"g�jZ#Uv�'U$jl|T�`ZsnG�<��K�$�X�]�Fj}u��:�*jQa/Y�^�t
m(5#�
�#2�pg��rh)'j*�vO�h#�ׄX[ў#WX�
tV ЛiQvkV �O"cIpR|9���~7'ZEnLsE_C#���dߊ�&zf�km#x-%�9~܄ye`@m�<^���/19��|փ�t8ߙ]?g`̦vѯJU05u
2
\����i̕O~5Ad�r6=_�?L=�[L4G�zɖ0'`'� ��Yn�AjAy̧`꙯S`3�ⵚZ+g|l6c�թ�4D6�3��ȈDrzZB*>�|/I�6a%|�7�[R\.Y��
r=ct�864>uGci
lmKQ
�z�<�h�3$�C�j]K>a51r&]ߘ4�N>��2Q&b�8�7n-+eeP�S/0��yBU)�A^Io6=I��|�{Ac#&�a\xkc}Z}�HUܯ�+JP/ITAtEv`i&x9Ll5�Lfl�'P`�PxGzMʵ"L]8ۤ�Tf<^��ΐۋ�95�ק~@�f@�-�P5^IW�:Λ�k��y*1n�'ve=D
knIG���a
{F*͐�YQa'\V%X-JJIt�>80xnX N��zW�8pL\'e�M=JkO5{Oum{��<�$ɝ?5?p_@3�|PIΝ
vWAl+J9wwGc�����Q@{Gt}�O.'�-˅JV�0�
�s>B)a'd1s<�ēo
-"P֟ۆ {+��7xo~.RȓC$ |J���q�vË�eVpm^?2Z �c��C7O{{Z}{�?"}QL
X�p�ف���#�;?J�'�RT>i/6;/�xǀs�5�_v{~{q@�Dy�Y���D߫%~KKx�iW}q� J>~~8ڝ�?���eB*;f���4�p=$i�kCOճ}e}Au�i?`�yA�ѰQv�NCB|I{�y%%{�w/E�s5A� n2H��O!y[ͫFS�L�o2�Y�GR[=ֈȰ��R �Z_ƥ{uҺ̂1�a՜$�"j*�MN3dn
ʺ~�mH;�º�Y�PH2'_!�a�
C��{ z�H)'4
�'yKtZ;3Ğw}dh��!��:�e�}E/R)Q\(뉞�OYI{L�$GQ�):�(9Q{0軟o9Aߐ>1K_4��~ ѶP=8,lrh%縵vI3�a~2)}A/-N9˙��~HҼ�"��o�=%(E�馺[W�db��#N M5�W"Jv=O��?G(��cd9w�a��RO�$SQ�6'in&.�K5Kb)�.N yuxȠ#%tBE]�ϣ����+y5EY-.*$'?vb�Ós81
<�<����\9 gy랟FUjĶS�=Ҷ<8x�9 v�v�;2Q
=d�z�P'��_Y.t0o���9]#Σd�tWcT1PM�~�zv`蚳)�o.(�}ǩ-;oC�D'w��H� tyD�o�7ۨ;�.|ʜ(=~![5Zxyu?sFΛ��ڭݷza'3�
]sݿ�wI]iNwl'U�z�y
J}~Nl't:�D(y[a{wCȊ̅S.zr!�
>�Yx�2�&jul臵�4/
Z[4�
2�UCnC�:Z1qE0pHa�~��o��1֢�(G�|o(o&x6�)
KN+�g7�Cc��J�i{\na��'x�{7d\ڊ�]�fKn~�&v/w��NM�Viyg&R�_��r�\R*ԔJ&�.�
BOkza>!�:w��/��BlCԖx�'Y UQkIE�Kg�1W�#Ό. y�RS�Q`�y����
DŽi�f7JFk=v�xAD|Q\S
J1�%�eKh �,�����)阖v�O�w4>�%ob&H̜]_5@�2�$
,4�?9�{'r�-�܂@}��1�-R%�t0~8#Ut4�Kj_"ptG���%�( �
U��t!ӗ t�=Sߩi^�UB<�GTZ*tn�7$E1��Y�los[/rǎ�/n h�a�R=tjiw�{rLD�w4'�ho��@��AP"�("N"WuK,[m�"�{2^�"%?>K#Ǔ>,;1s@g�6
um_@�66/=�*23 F�5F
�1y�L��C]f�"�!(T^��mO�[ضƶ,Ub�,u��l>Ժ5- |#JT':WT�VS�~MJm�-�'[p=?8ɋDz�ϙRҚa�vKԪja# �H9"�o`�,kek�IS!loƫMٵzEyFEP't`�̲&z���SDTYZSj��3�H5dG|kw&b'�%4hl]%5S���rRqp\lB-a�I�hQ<&K 7gsI!SRb
K��RY��lvZޗ�>xS:�hI-qq5KY]IvnI O '�>�0+ 1|�%w `t|:�O�C Ô^�"+(q,��t,glRy./゜v��w�m�*WY�J@"��nDN�ҫa'"$ָ7.B�gY�wdi�*u�Sʹ9�|;�`e�k&ۍ��!�Ϋa'R#$Ė7+>㚄p@K�M�dQ�ԛyfg�++YE�V�9��}���&ҌE�t+&6
bMxe705Je"�d. !A�
�)MKe3>D]9\MG׳@q$V`mvh~5$
,f`ؤd�%I "]O�3�E�=2\kK�D30k��/'�"D��74��咮M�8a�kg a<@p'w�zl^�Ji��f-2Ě��a+I�iqlrN_+�S&ex3-_QD�K5{*��rpDycн�>u]�"cWS{�����}�-�Ҫ=۹9V�@e�|Lz��:-FR�/�F;�=뽰)�PAgt~D)^9{\fSx�T��f0 oC?P}d_�nc䭼ĥxd쑟?�܉r})kǝ0�x)LI|<;A$Z�alR#ঀ�P?�.�IN ~�[+{$U�P>�D0,w
rซذ��B
��wD�Nt�Q*v�vAr@Yi�2}܁J]I��a�
C^(�
#]�%1�M=1Poƞ3H�UWT�K�+� ,U��"x~r59"�@�� �*$W��V./>�052�(B,�T��A��ͤ<؎7լ%Aa8F F(dѴ�B.]�sI
R+Zr^�:XuZ.1x~��[M̀+5fL4.P;qQ6'�a�z&�1[T�vXś�K],m"��P�!ؓ�ZM)RӰp-�|ri?�NRU覯3%U"cW/]}}ZW�Ǵz
-+E��sg`z�Eh#u�1�J~ZNa^0cl��˖C/0Ƹl44q�襍ڵϔ8\H $�5_`��᷍�lsd��Xd�vl"mn!F�R)Ռ�t)6AP�;>DcHu��c�S\YrV3"-^`�9%E$d[h�il�wAQg)q8�@L5Ĝ�6A�h6d�y�?L#�m#WQW?�9�ʵ�FܞVk��� �Xrt1І]3�-'|ɈVs�%���
T&�{<(8�ǘ�x�a*1aF
a?˪M;InP~z�*ڟO�dh^fs B{Z}{�5���U@Dx8AnI�ʹX"]~Gt�Mx$���I,�.�oreOQKo�WNGRi480l�@1"s?"�I:Nalc
r+ǯ�\Ix�h��\�vD�_CVY
�`Oh$�~bH]�-RWld""@ш��&"�/�uh]Z��srѺU�=<��zx�k�``"skn��Xi<
B ~3�dAx�m�r�`x�s��,�]a'KïO��C^�!�&
mScP��9Ĝ#MYF?^]
B�sL!��'p�p�\`srL@KdJ*2&�B�s�8���79|_zLiu�n�O�KZ�&9a� k(E�$�a s�X@���6L0�阗0mݚ�1;cb{(mOc@��ΣW tݚ8�]N*�^
7�OT�YP�XP؟���e�KL)awSa/xoS�L�\��X�5E߀dzw?,�GAn2u:��fé -ݱ5Kqf�ldaQR(,G71<�` ?ET&nN���K
icPB<_�Db^[ �z~�Jb+
zwb꾌����RX�bwT
IhRW�tP(9#${(J{wy
|��,+d/c� ZiB�R,
��?$5GFP=dԵ=k`�fڟh�,\yyyvH^Zw|վ췻��vH5mk+LJY22 �N)3C9l1B"rK��xU�<
/g%L�qx&(o�(�E_VCT�ĨЋSi�0/LL�7ONZMԆCyċ�xY5]r��ZO-Li7x@:X)`�zIc p��!>E[}ҽh�Ik%ꋲs`�nj_Wj&pj3}�w3#?��2�O>���ڹY{I>x�kg�3틌vF?r_�y���1>��w�};��}:���;��v2�e"�s3x���;�"c|/@~.2�"cnF��_.?.3�_fԿ���2�3+uO_23�g�]�{
_g
wɹN2!x̐%.Ni��e/�G�R*Ȫ_�yz�Kӌ5x�x/nt3��:?3/�z�^�}NF&q$��^a(芊g-U噗-LPpۭ]��hp_l %^a/TZE�/ވM,��A)a.�
3l?�@CX{#u��� wOʻϝ)i҇�se5m��U�}ӉzZ>Ś/J�Yy8�q��=}mZ͉xǒGЬ�g]#=DyԦwx�;H߫�xĻO�e�ݞ܃�辊r m>v#yR���^?Ba�D�˺�˖�XԞ/kf70aň�kCU�Hn�6ɑWrly0�63OH��KF��:h0 5�3]jZ6��4s�1s���(6+c�mxC�t��x�n'QgË0ٚ�L($̸Od~�+O�f@L��V8'8>�/ji>I4Xfw���#�P<����7�t#by��ܞ0@PJmXn��P1�d�p1�k�N϶{3]95u�~Wuu;L2.x\
��Hv2y^w!'cx5�3v]ԡ��B_L/��?�\v��x��~�2#0�]Wv�BaI��ܴg,-z��QC͞�3)L�^�#lOʗ�[l,�&1�{��;sh6\��C�cr�%��g�X3Wd]d
�A_d|bh�9+o.TsLHd v"ёswlPF�|�9ao%RFX`nLZԝ86Zd%9L7�A�k��f�&}c|VF^
[(Ӽkx[(7hD���"مxދ!�ᭅÂ-s |o,C左c��c���%mAN��$Kd7-Yݨmˊ�L5a璧�۶f"iד\c>o�� H,݈���A)m�|F�,��k�l`I�\B�`��լ`"��s��ux}ٲs�Ә2J1А8ٶ2COA#t
+�e[� ��O"�C24`)f�zc�<�9z��nG}���#+nv˧�D'7>��6كl2p6g�!(_Gk0��9@/7AkJ��D O.y���@FC0!6���Zi},�KE�%&(Xp\GAΙ=i3;�n�]�r$^G�x
ky�f�ŧSW<2oJP'J�.(ZF�,Wci
ҭ}6`;Щ0D\NX�)E=b농tDm�khT[_�)
l+��
��m'gymDmE>m+�9Ѝ5i�OCΜ�
�φŀ��{Ⱦ���Yf#1ثt�g)C2^#s!? L�nl�^^jti�(�aa�ɗvX�jA@�`U\3zf7Z�Ю�3q-M&�Cg�a+ecPMYVc.G]L*@<�փP��=`#hxb�<���,�ݐbV�S"N$֊rI-�9�폭�N*dهl*~��&/�Y,{ۺ�НTnx�WNENE<<�Sf}')VRL_XП�_Q>q*'\`��b{ T�*z/筥;vf?Pv/i>rC*g�UN'��VX�vQ%6��į[�g�ݫ�,�Z~�5?~~8�Ҝ%!tNZi��B";�+w<9i_|H�{zv
C&ȕ/g�-F#�oU��AtMe�z'1l5ɋmEg,3l�W'~};l'�uE^8�%܆mJPQ&s)#�M�n쵅46�/e'J܄;"�6BKFslx�6� ��|�[ ��
|
Messaging & Collaboration 
