Last Friday, Yahoo published a security bulletin with respect to Yahoo Messenger in all versions prior to 2 Nov 2006 on Windows. A buffer overflow in an ActiveX component allows for remote code execution. Earlier today, a Secunia bulletin was also published rating this vulnerability as 'highly critical'. Users of Yahoo Messenger are urged to update to the latest version immediately. According to the Yahoo bulletin the CLSID that contains the fix is AA218328-0EA8-4D70-8972-E987A9190FF4 versions 2005.1.1.4 or above
Yahoo bulletin: http://messenger.yahoo.com/security_update.php?id=120806 Secunia bulletin: http://secunia.com/advisories/23401/ Update: http://messenger.yahoo.com/ I will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - SANS DFIR Summit & Training 2022 |
Jim 423 Posts ISC Handler Dec 15th 2006 |
Thread locked Subscribe |
Dec 15th 2006 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!