Yahoo Ships Silent Fix for ActiveX Flaw
Yahoo has silently pushed out a patch for a critical vulnerability affecting users of its Yahoo Assistant browser add-on.
According to an alert from "Sowhat," a researcher at Nevis Labs, the vulnerability "allows attackers to execute arbitrary code on vulnerable installations."
Yahoo Assistant is marketed to Chinese users as a security product featuring tools to repair Internet Explorer settings, provide anti-virus protection and block pop-up advertising.
From the security advisory:
The specific flaw exists in the ynotifier.dll ActiveX control. Successfully exploiting this vulnerability allows attackers to execute arbitrary code on vulnerable installations. Successful exploitation requires that the target user browse to a malicious web page.
"During the instantiation of the Ynotifier COM object through IE, there [is] an exploitable memory corruption condition," according to the alert, which includes proof-of-concept code. "By taking advantage of some heap spraying technique, the attacker can exploit this vulnerability to execute arbitrary code."