SANS ISC: 2 Yahoo! Messenger vulnerabilities (with PoCs)

Two brand new vulnerabilities in Yahoo! Messenger have been published on a couple of security mailing lists. Both vulnerabilities are boundary errors in two ActiveX controls that come with Yahoo! Messenger: Webcam Upload (ywcupl.dll) and Webcam Viewer (ywcvwr.dll).

PoC exploits for the vulnerabilities have been published as well, and they allow execution of arbitrary code. The published PoCs just run the Windows calculator (calc.exe), but it is trivial to change the shellcode, so we can expect some attacks soon.

At the moment, the best mitigation is to set the kill bits for the affected ActiveX controls: DCE2F8B1-A520-11D4-8FD0-00D0B7730277 and 9D39223E-AE8E-11D4-8FD3-00D0B7730277.
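
One way to apply and verify that mitigation, as an added example that is not part of the original diary: the script below sets the standard Internet Explorer kill bit (the `Compatibility Flags` DWORD value 0x400 under the `ActiveX Compatibility` key) for the two CLSIDs listed above. It assumes an elevated PowerShell prompt and also covers the 32-bit registry view on 64-bit Windows.

```powershell
# Added example: set and verify the IE kill bit for the two CLSIDs named in the diary.
# Assumption: run from an elevated PowerShell prompt (HKLM is written).
$clsids = @(
    '{DCE2F8B1-A520-11D4-8FD0-00D0B7730277}',
    '{9D39223E-AE8E-11D4-8FD3-00D0B7730277}'
)

# Bit in "Compatibility Flags" that stops IE from instantiating the control.
$KillBit = 0x400

# Native hive plus the 32-bit view on 64-bit Windows (32-bit IE reads the latter).
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path (Split-Path $_ -Parent) }

foreach ($root in $roots) {
    foreach ($clsid in $clsids) {
        $key = Join-Path $root $clsid

        # Create the per-CLSID key only if it is missing, so existing values survive.
        if (-not (Test-Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }

        # Preserve any flags already present and OR in the kill bit.
        $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
        $new = ([int]$current) -bor $KillBit
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $new -Type DWord

        # Read the value back and report whether the kill bit is really set.
        $check = (Get-ItemProperty -Path $key).'Compatibility Flags'
        [pscustomobject]@{
            Key     = $key
            Flags   = '0x{0:X8}' -f $check
            KillBit = [bool]($check -band $KillBit)
        }
    }
}
```

Every row in the output should show `KillBit` as `True`; the kill bit only affects Internet Explorer and other hosts that honor it, so the controls remain on disk until Yahoo! Messenger is updated.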

Thanks to Joshua G. and roseman for alerting us about this.

Update: Yahoo released a patched version of Yahoo! Messenger that addresses these vulnerabilities. For additional information and update instructions, please see http://messenger.yahoo.com/security_update.php?id=060707.

Bojan

ISC Handler