June 8, 2007 6:01 AM PDT

Exploits exist for Yahoo IM security flaws

Posted by Robert Vamosi

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
- Google
- Newsvine
- Yahoo! Bookmarks
- Twitter
- Stumbleupon
E-mail
Print

At least two sets of exploit code have been posted on the Internet for the security flaws in Yahoo Messenger 8 first disclosed on Wednesday by the security vendor eEye on Tuesday. The two exploits were posted on the Full Disclosure mailing list on Wednesday. One set of code shows how to cause buffer overflow in the Webcam ActiveX component. Another causes a buffer overflow in the viewer ywcvwr.dll. Both exploits were written by Danny.

This morning Yahoo released a patch for Yahoo Messenger, however, update is voluntary. Users will be prompted each time the application loads until the update is installed. Given these public exploits all Yahoo Messenger users should update to the latest release as soon as possible.

Topics:: Security,; Yahoo

Tags:: security,; Yahoo,; exploits

Bookmark:: Digg; Del.icio.us; Reddit

News Blog topics

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
Tech stocks tumble for a second straight day
The Dow Jones industrial average takes another wild ride, marking a second consecutive day it has ended the session below 10,000.
Gallery
Photos: Messenger returns to Mercury
News - Apple
Another iPhone bug?
Security conscious 12-year-old discovers new security hole in iPhone that allows people to see incoming text messages even when the passcode lock is enabled.
News - Microsoft
Microsoft search results land inside Facebook
As part of a deal announced in July that resulted from an investment, users can now do Web searches using Microsoft's engine without leaving the social-networking site.
Video
Mercury exposed
CNET News Daily Podcast
CNET News Daily Podcast: Subway cards now easily hackable
Protecting yourself from subway card hacks; a possible battery change for Apple's iPhone; and corporate restructuring at AMD.
Video
DIY political ads proliferate
News - Politics and Law
CBS live Webcast: Presidential debate, round two
Continuing our coverage of Election 2008, CBS News and CNET are presenting a live Webcast of Tuesday's presidential debate, followed by Web-only analysis and commentary.
News - Cutting Edge
Astronaut training awaits Esther Dyson
The tech pundit and investor is girding for six months of training at Russia's Star City, as an understudy to International Space Station-bound Charles Simonyi.
Gallery
Photos: Top 10 reviews of the week
Crave
Calculator sneaks in a spy camera
A small camera is built into the side of the calculator, so you can pretend to be punching in figures while you're actually recording a clip of your office nemesis.
Green Tech
Army plans 500-megawatt solar thermal farm
A new Army energy strategy includes plans for what could become the world's largest solar thermal farm, as well as geothermal and biomass-to-fuel projects.