ActiveX vulnerability in Yahoo Messenger
Security analysts are warning that Yahoo! Messenger is vulnerable to ActiveX attacks similar to those recently reported in the image uploading tools for Facebook and MySpace.
Elazar Broad discovered a Boundary Condition vulnerability within mediagrid.dll, version 2.2.2.56, and Krystian Kloskowski and Broad have discovered a second Boundary Condition vulnerability within datagrid.dll, version 2.2.2.56c. On top of that, Kloskowski has disclosed a buffer overflow within datagrid.dll 2.2.2.56.
These three vulnerabilities are found in Yahoo Instant Messenger 3.5 and Yahoo Messenger 4.0, 5.0 and 5.5, and could allow an attacker to compromise affected systems.
The simple solution is to use a web-based messenger or upgrade to the current version of Yahoo! Messenger. If you’re determined to stick with an old, buggy version, there is a workaround. You can enable the ActiveX controls for the dlls in question (details from Microsoft here).