Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Yahoo Patches IM Vulnerability



 By: Brian Prince
2007-04-05
Article Rating:starstarstarstarstar / 2


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
A buffer overflow problem is patched by the company.

Yahoo has patched a buffer overflow vulnerability in its instant-messaging tool that would have enabled attackers to potentially execute code on a compromised machine.

The flaw exists in an ActiveX control that is part of the Yahoo Messenger audio conference control. If exploited, a buffer overflow could cause a user to be involuntarily logged out of a chat or instant messaging session, the crash of an application such as Internet Explorer or the execution of code.

Resource Library:
Read more here about Yahoo readying its new messenger.

According to the company, an attacker would have to trick a user into viewing malicious HTML code in order for the attack to be successful.

Andrew Storms, director of security operations for San Francisco-based nCircle, said addressing the vulnerability could pose a problem in large corporate environments where Yahoo Messenger is widely used.

"Yahoo IM is heavily used in the corporate environment even if security policy doesnt officially permit it," he said. "[This vulnerability] leaves administrators with the choices to upgrade or set the kill-bit on the affected ActiveX control. Unfortunately, many corporations are unable to centrally manage upgrades [to] Windows Messenger, making this fix extremely time-intensive for IT teams. Many companies will be performing ad-hoc mitigation to get this cleaned up."

Yahoo advises anyone who has installed Yahoo Messenger before March 13 to install the update.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.



  Reader Comments: Yahoo Patches IM Vulnerability
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


x}r8qռFsw1EH)ْcm,k)dVP$$qL\/qlݗxKd;9mFwh4#ooD.0 :ܢdC7郿O$wmL9PKϠ^=WZj:@a5˜NzpDwd>J`OS{S )5'Ӡ6ޙ =/3mB}F7\3Ѣmgbپ6I=E9JG~9K Q/w,8&a}c$aLvn=w2`~|!`T黖8"#AUVekV6^ ;s9ȹ3oWh=3d9';{ -,w2M*5fȱ:9zuur<rDJ53f ^_wUJE`R.dz$_S::YgNtkQ2Z[^ kEKXOr ])21,R!t'lni_Wם~ ڧ'םϟ̲5<JEU a Jg3F~7uWgkew'gkjtN}d#t6+?fV'Z-[lxef{ dP[w8LwjT{dZ6է)I|[<֠E~>t/!O}fr2GrI/o"/KG)H7#ǚ MтmdƩ$|ǺzNԎRlJVmT3o`2 f4.zh- @ho*KjLru&@Sk~$Mcb.L2o2zۤ%/^(P%!P샚_.[ jFTwPH7#DD vxr!DKI88c^IRe1\ni>U<<vwެu*մ޹-~aށؓY9tnUOvІ)WCKEhYf7-wIQMm{Qk<‹R85|Qnl 2XjXvR7X[A^/lA::~f1>QÜ#ͶOCGs>hH2胆6ml-ƹh$ ,70}Hg@zQI47X8x<cOv/|\aPn=D5i-DCw 0Ie&3 yO ΃droo͠~(wMnHi>X^0 jp.HpyY?9D>o  9#z[LKx GN RP|'sZ( ޟ -2(%łdh  4.gP)AH =k 99Y ŊޑvR:LZ'9Tv{B#™8CTR:D;7 K){TKh!+K@fsfh(4{~u}bB+|#'bXr`Y \h+i)!4ÃiА4XyZ&5SF`ߑ^86̜07ÚL ~Dg虉m>`4fsSږiE-/߄V 9uC \D r}͚X 4ؐ|&Bn X_*PWӟBjI-xK;ʸASA͐`AELl5KWթw@4="7]w=: S-`sq˱+ m0TNϣ(a!w1 ZJkX"L U*=t%\42.|O V,'0{ gб3bea?k {eS\Hq6Ϯm V!2D+ه0`M EDN{6R^)!0iTҗKĤ_$I?րH{A2,exY΁5mIr 'jY$ Ei.<87Qo> < ıLb0qqغ7, 2q͝a&?@R)Ö13gdim&ǙXT'/BOքk&.}yTc DA#E . @. m!X`j D"T `n*vVѱ(թ%6=@,.&Dtl?`"#>}ڧnssQ*JW3 R|OjZ,V+15ǩT9>T* oV Ls1)' Sf|)Nb_ޝo>4zxPσ!m^:J[09X>: ;212& z@jAbv6z,LHT0u 0-tq])Tjբ¾_YN+^> (L50Ȉ%|=GlTlmO.1Vm$R*nC01^*== 7S_ -ʖvo˦ՆgQyϤnx-_M>%Zȓ3w&Z Ĵ\.@ ^(93+V[]-M:f2/cX_dU-%0m3hSYlpg=H]ӞyM}|O>=jTco*\$t'] Z;As7ѻMslޥ0͜6@yZSI۠jj,lγ>AqHlBK`wT0΁MBP.R 2=ct864>s'Si mmCQ C;9& Ajm>a,0r&n\☺n>2I*"Eeb8)LU˕2~g^`.R>փ~)rM5E;4Ћ­7*V7P#I(OU?CPՇud*VTHz, :*7xџ6XD+(++i-^2yam.E9[ 4wʨKV-,sK"hʌg _|q[rn)tyĆ5(4]sFyp0 O+oskKIlϱ+Kzk@50RiɊZ)ujURբTE'sL؞EA(ǡd:)dnQ{{C4}3݀,+L)~31Ȕ:ɹT>TC*mT)玿ߓJtMqC` aE)ݣ,DP.|arRU8N3Az vBs=Q<C U8qm oRٟ:sɖBy%EDOCVjgX&Պ21M1yէ}Z{ E D@;nC߱?$ ?S-l8)F::~ݕDw{vZ#RT>Yr 5Gxǀ5_AwyDDyy|F߫%?WH LЇ_e)X|ptْ:6?eB*fB,&8oIŸڈ9}/gv{{l:k6|v>2DH"r z]ۼй_>]QcrѹlK^+΃ w"EKrBë<uxi)qڎ7M,#LkCuWidLR7 Z_ťwj_sfij ^k5W'27e]?ވFhv~[;ºY PH2>(_1a c{ z H)'4N9:\b/ź$B R`2"(BShDO§,>]79S%j6ɟ}A_(/0k0Mr!}J_cN߯ͲxL+'B0Gg56I ]a~:)}CmN9˙~LҼ" Í7"HtS5pASB9kթ-xOӖO|B[QTw1G|I;ɨu͒:h<5K:0SBt (2H PQ7,O$e=lI2 KBh%bbVHRoռܞ6<1ޥ]ƙBNmK$h dgKU 3 KqkP i"+ `->ϓ#+y5EY-.l*$'?v 81 %/5gk3 \:`AL[ıp߆؉ ?O*yr osל8{JnM<:*UP놣ݮeNx>HАݛ-p7&ƭoN{m^XFC\f/c_; ?--8tǠ#R#K1M&$(j^UH*"sᔤ˾\EG㳑)G8b]0d&'q=+==4zoѯo=إ'<C?'}& ~ ]=PI9뻿~=Ғ(r_&ZDNqw5Q${qI9.t}?,K`\Ty^v} ,$>?Gso D:*p&޸JIuE2u> ۵{IFe&B=I5!._M.PodE*J!BDL$gSdӏRk9f _D.ԞPO:4 iEs3 (,yG0(9w+WmEw寲Tn_ŗ,ha@x;ĉtmQ (#PxbS/*i3ލ]ؕRޖ_X0a\2UO1!au.ȧ5V6=TٖiJ/4LN(]N *sA)qA 5Ef0N@ x]\+!"زNJfyLPC(Z&. ]mPyWmSʶSyq9,̵gn͡MQ2eQ/s3D apCB8wv"@n6vTBQRm' \^Θ/aW"P ,ug1gYl0wk,.N k4^QBm۳#뎕j1gC |K#ϒ ceBXz71U0Bjm4{ hty^#X>:X" ak\΃EaSp0yUOzmN^UO=6E K+ X;.>At!}vRJb#PI$ҸD$T!a;ȠG9$jg3y-[[/M?r$k-o0KPSƂ)>;ɦo':W1pH C8!z݋eI@ίl5/[_,.|jRY=>邾W޿ Vљ4?r|^ލ#]4/'s3ZAjkE:=7@"!$RE4{jK'Q"$7v}cKyʠ< 6 C @J70<>MLqjSN O&Sl8G} ʅD{1b5^ ҖbN1LKmΨx$ Y!zS)[,?'Sݤ8dFdW!3MB> "OkQv_t!^Z%_V_RcCe$R;ʶ.u٦1- $~t~Kc6]#^)\k^ \!lijĵ8AL(&<" pQ) ĺA@56s[-mka 0+>򃍣: ]e~|=_}C%Iq,Δ]0rL߱/'-@:Gs-f[IcCw] tBvթ4[gz=`HWx[kS$~ϘA !h7]% %U#HE/3~3OTfN?jx5"lB4Ɩk$C)%:ؚcYp\/oDED8$ ^Luhv½CqY>8ema5'b[GlvB52Ff^gr)-.k C[81L,glj@!8v1 ՌK&ʎhVo <:G9Dw(pA3606D _G.qȸa:u\ rk" )^$_}y:<@R}$m{q T{9f y;f@SS.TRro j1ߦ<։m_ua}J^/?x*GgZI.6e`5;72}6`D؂_ FRˬrM$I1Ʊ3}R#*Θh֖P2}gD+oW$hKeH? z]kN9-(WxÐߗ DQ\~= )U|5XsDT#|  KR_^я T.~/Āhn~ J\~H(aZ 'Ʈ$!/B^ݳ’M=1H&q9quMMu&^s kahϔ1Z&GBA8AX$XDŇ!&quQ%r$h#8XiLʃ+ aeSYYh5!ncbBMY/OQ/K]ZX:~eL<^^AFS3 iϋ"r\IoA$TCRt HU) &u 9 x##-F5נ:?{9mnbfģ Zkah;Xycj=!vEc` oH.қ≠D37:U[Wіf@)O'찔719tPH':tӗiɒ*1Ln٫JPcƳduđZCr\P'MUr)O,j,TOYrYXO:Rga~cn?ymͳxaIч%˶8Vva\lGN$(cX ~-=]{K"pr+1w[ w5knQ Hzw:N狎^Rb"W6mMHr6aiљF;6vCknnBzTB}F}oz0OZ^Ka.=1ŕ%gevpd_a=%E$d[j ilwIQg)q8 @\50yāLRp߶~ux +s\1li&R'L{*F6#ZIixo sF@Yj!u50L]U# `< I}nD~hv.e } d!/9k`sXți?@S[EQx~L 'lI<RLS5ë^y»|Έ.&+J)R]xC⅋xAyF7X񋋖z+i+*K9I͑1;^)&> &O=lFLf r5WWY4uMNםAwH֚_ԝ^iY}uݹg&zhT_M^vL۝',C rv춙283E B*rK xU" /%qx&NItPJTَ/!bTSi0_<)oZ~_ͦV\k! >?BVtɩcdhw>8M/GRU8i67anq4ħEt@z\#4[EEFG(Q Q~ כO͌2ʑ[@V;O7}2!>A\㼳5:r_'\fC;5>3?C">vntn]͂fз fЧ w3v3 O /o&3(By72c|/A~.32cz^F{z_?2 ޿x:?>7PO_2o n~7۬r o3ڿ\'I73y S:8'\$_JeYW@a uyQ^ }V.@yJ2,c2\. g{9;[?[tN{BX\Jzp+W^gim4v+iAm {}yK/#ymoĦBx8gG6;\[[,Oнۺ{ϊ'NW4CﹲKd^ Wsr>VD=VbMdG,E<mJ91baOd_$_U-(c#h6 .Ñp[yԦ`z[G4YQ>=P.v:)n77KpK|*SG0U75igjhg?>/yd֦WVFkp'k͠6K&(WL1y}³2Sw١GhD+,s e%Hi_1\-F^7xW_JnAmOםg4`/ë6{hg"diYP͙Ȫ9(~H+"7<R9!螡Z(J {4"q&`jPL ;ICU=T*[)WJr= æDDݣv$E\I0jP+V&K=# .=m^t f 5ϡ'!p<@>fJC#Dk(xxm")5|y3K @%aw8cokx;P@f@2b/`{8z5(@?4 vo'R {{[1g7ډ:'Dq8Ss4 wY!DӸf|z4}z<8~3mJN)gL=[ ^?>\A/v3NWs$ lJ//ӡG I$/ADlZenH-V|sS [2FlX XJr xh|j[ {wrFR:=fG4yxaw.kZ6 - . " n+ /굁 ީ&Qg=,M̸Ү^b#%0qcOYtm>x*8" 2kH 2s{B|%؄Z{JfBM'KYN/Ǧ e4:ʴ/X9VX#e 7(# EݩcEvEǎ5>~nM"m,?hЌa)x< QfwhD<u[#rF331F#qy] YV8[T"?%KP2y”s]q54OJm{X|@ă|;R[/<~KzH|k,XoϨT*L[K |iG:AM"Kd7-YmˊL3t@m=HYUҎ_Z$##R.ܐOߦ "ahy>ಁe":ݻK=?'.}N5+J "@2d̴7OeuMc(ŬBdFӧ7ke[ O2!MX0 <ձ]w O`7@#>Ƌrd{Goc1$+nvGD g>6'كl2=hM(Fْ[0F->D/7a{~ r@c]Tng`wDl .3.OY% hWa)*e71KLP`Ol3&w6G}dȉ(l}j͜GԋOg0xeӵh_ɬq;Y?] m-1k$~El=au+Wrcdk{f:e^ǃl'!R!Ty X^c 0У,:09G-E6<=܈x~ͺÀg 3HTx.XU\(S4l+* XCڢFMQaW:~i`P+Z/뭑.^s2؍+[Ȁ7H>Y{D,5Rb:(G-zk|FXKW m0u,r?],M c|Rc93a=`>]x O0gWPэX-f1%Dv88)ҡCCԚBJ>eS1#'@n0\|H d9[\O^م43\j9/YH~> \99.@OI"cXM1}aE|@'W.ƕy_Sq||h\7,w9Κ#RInghvV;~v?;w~i a% ѨT\߶;GkO{,Y~KO?\>]hI:V; AHcVC"^ֳO .A|>ǐy6n_1M4ZV+wN㛼VtƢI:6pzR+V[]jv[W셳Qbm٦di29Z{) 1X)Mj39Q2kEskq>tgLp -ͱeRZ`l/Z6?j!