Dont Talk to Strangers on Yahoo Messenger Webcam

By Lisa Vaas  |  Posted 2007-08-16 Print this article Print

No patch has been issued yet for a new zero-day in Yahoo Messenger Webcam.

McAfee Avert Labs has uncovered a new zero-day in Yahoo Messenger Webcam and are warning people not to accept invites from people they dont trust until a patch is out. Avert Labs is calling this a "classic heap overflow" that can be triggered when a victim accepts a webcam invitation. The issue was first discovered when it was reported on security forums in China. Avert Labs notes in a blog posting that this problem is not the same as the one Yahoo patched in June—that earlier vulnerability had to do with a buffer overflow in Yahoo Webcam ActiveX controls.
Click here to read more about a Yahoo Messenger flaw in the wild.
Besides eschewing invites from strangers, Avert Labs is also advising Messenger users to block outgoing traffic on TCP port 5100 until Yahoo patches the hole. McAfee has added signatures to its NIPS IntruShield to protect its customers who use Messenger. Avert Labs Karthik Raman said that as of his Aug. 14 posting, no exploit code is out yet for this vulnerability. Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.
Lisa Vaas is News Editor/Operations for and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel