• On TV.com: Sexy summer bodies photo gallery
June 8, 2007 6:01 AM PDT

Exploits exist for Yahoo IM security flaws

by Robert Vamosi

At least two sets of exploit code have been posted on the Internet for the security flaws in Yahoo Messenger 8 first disclosed on Wednesday by the security vendor eEye on Tuesday. The two exploits were posted on the Full Disclosure mailing list on Wednesday. One set of code shows how to cause buffer overflow in the Webcam ActiveX component. Another causes a buffer overflow in the viewer ywcvwr.dll. Both exploits were written by Danny.

This morning Yahoo released a patch for Yahoo Messenger, however, update is voluntary. Users will be prompted each time the application loads until the update is installed. Given these public exploits all Yahoo Messenger users should update to the latest release as soon as possible.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Topics:

Security,

Yahoo

Tags:

security,

Yahoo,

exploits

Share:
Digg
Del.icio.us
Reddit
Recent posts from News Blog
Neil Young Archives Blu-ray: Rip off?
Acronis revises survey results about backup habits
Acronis miscalculates data on users' bad backup habits
Flickr co-founder presses beta button
Comcast, Sony open retail store
Cox to try coaxing the Internet into submission
Was InfoWorld's CTO of the Year award a year late?
VMWare VI4 renamed to vSphere
Related
Add a Comment (Log in or register)
Doesn't really sound "Vouluntary" to me...
by gsmiller88 June 8, 2007 11:43 AM PDT
Sounds as though it nags you todeath till it updates, typical of
Yahoo! I'm still using YIM 7 on Windows (No crappy voice feature
or embedded search boxes) and they've not updated YIM 3 beta 1
for Mac since I got my Mac back in October, so who knows when it
will come. At the rate their going the final version of YIM 3 for Mac
should be out by the first quarter of 2009!
Reply to this comment
by painjester August 7, 2008 2:16 PM PDT
If you don't like the constant nagging of Yahoo! to update your messenger.. simply go to your C:\Program Files\Yahoo!\Messenger folder and rename the yupdater.exe to _yupdater.exe .... that will stop it from trying to update while preventing errors.
Reply to this comment
advertisement

Can RIM get its mojo back?

The new BlackBerry Tour, carried by Verizon and Sprint, arrives Sunday, even as RIM seems to be losing sales to exclusive devices like the iPhone and Pre.

With Chrome, Google reignites the OS wars

roundup Google Chrome OS, due in 2010, underscores the Web giant's cloud-computing ambitions and opens new competition with Microsoft.
• What Chrome OS has on Windows that Linux doesn't

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET
  • Popular on CBS sites: