Wednesday, June 6, 2007

Yahoo! Messenger - Big vulnerabilities?

eEye is reporting that there are "multiple flaws" within Yahoo! Messenger 8.x - which are apparently critical. Remote code execution IS POSSIBLE, so ... watch yourselves.

I can't find any reports of a patch - or upgrade. More if I find it before you do.

Here's the link over to eEye's Advisory - with very little information.

EDIT:
As promised, here's more from the Full-Disclosure list... there may still be more!

WebCam Exploit (Run Remote Code!): http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063817.html
ActiveX Exploit (Yahoo! Viewer):
http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063819.html


06/08/07 EDIT
Apparently - these are "super-critical" vulnerabilities, and should be patched immediately if you are using Yahoo! Messenger.

Here's a link to the TechWorld.com story.

No comments:

Google+