Wednesday, June 6, 2007

Yahoo! Messenger - Big vulnerabilities?

eEye is reporting that there are "multiple flaws" within Yahoo! Messenger 8.x - which are apparently critical. Remote code execution IS POSSIBLE, so ... watch yourselves.

I can't find any reports of a patch - or upgrade. More if I find it before you do.

Here's the link over to eEye's Advisory - with very little information.

As promised, here's more from the Full-Disclosure list... there may still be more!

WebCam Exploit (Run Remote Code!):
ActiveX Exploit (Yahoo! Viewer):

06/08/07 EDIT
Apparently - these are "super-critical" vulnerabilities, and should be patched immediately if you are using Yahoo! Messenger.

Here's a link to the story.

No comments: