• On CHOW: Sexy vampire party
June 8, 2007 6:01 AM PDT

Exploits exist for Yahoo IM security flaws

by Robert Vamosi
  • Font size
  • Print
  • 2 comments

At least two sets of exploit code have been posted on the Internet for the security flaws in Yahoo Messenger 8 first disclosed on Wednesday by the security vendor eEye on Tuesday. The two exploits were posted on the Full Disclosure mailing list on Wednesday. One set of code shows how to cause buffer overflow in the Webcam ActiveX component. Another causes a buffer overflow in the viewer ywcvwr.dll. Both exploits were written by Danny.

This morning Yahoo released a patch for Yahoo Messenger, however, update is voluntary. Users will be prompted each time the application loads until the update is installed. Given these public exploits all Yahoo Messenger users should update to the latest release as soon as possible.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Topics:

Security,

Yahoo

Tags:

security,

Yahoo,

exploits

Share:
Digg
Del.icio.us
Reddit
Recent posts from News Blog
Nvidia puts NForce chipset development on hold
Opera 10 browser is here
Neil Young Archives Blu-ray: Rip off?
Acronis revises survey results about backup habits
Acronis miscalculates data on users' bad backup habits
Flickr co-founder presses beta button
Comcast, Sony open retail store
Cox to try coaxing the Internet into submission
Related
Critical Windows 7 holes fixed in record Patch Tuesday
Zero-day flaw found in Web encryption
Microsoft patches critical hole in Windows kernel
Phishing, worms spike this year, say Microsoft and McAfee
Congressional commission focuses on China's cyberwar capability
Slow Web site? Yahoo open-sources an app for that
Adobe fixes 28 holes in Reader and Acrobat
US-CERT warns about free BlackBerry spyware app
Add a Comment (Log in or register)
Doesn't really sound "Vouluntary" to me...
by gsmiller88 June 8, 2007 11:43 AM PDT
Sounds as though it nags you todeath till it updates, typical of
Yahoo! I'm still using YIM 7 on Windows (No crappy voice feature
or embedded search boxes) and they've not updated YIM 3 beta 1
for Mac since I got my Mac back in October, so who knows when it
will come. At the rate their going the final version of YIM 3 for Mac
should be out by the first quarter of 2009!
Reply to this comment
by painjester August 7, 2008 2:16 PM PDT
If you don't like the constant nagging of Yahoo! to update your messenger.. simply go to your C:\Program Files\Yahoo!\Messenger folder and rename the yupdater.exe to _yupdater.exe .... that will stop it from trying to update while preventing errors.
Reply to this comment
advertisement

As alternative energy grows, NIMBY greens

With more renewable energy projects trying to come online, the country grapples with the balance between local land use and a national push for clean energy.

Google to remake programming with Go

A Unix co-creator is among those behind a language Google hopes will speed computers and programming. Today, Go becomes open-source software.

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET