Security flaw found in Yahoo Messenger
Security researchers are warning of a security hole in Yahoo's Messenger that could allow attackers to run their own code on computers using the instant messaging program.
The buffer overrun vulnerability was discovered by researcher Tri Huynh in a file named "yauto.dll," which is an ActiveX component of Yahoo Messenger software versions up to 22.214.171.1247, according to a security alert released Wednesday by Secunia of Copenhagen, Denmark.
The company was notified via e-mail about the hole one month ago, but did not respond, Secunia said.
Yahoo issued a statement Wednesday saying that the company only learned of the vulnerability Tuesday evening, after it was posted on public Internet bulletin boards, and is working to verify the report and develop a patch for Messenger.
"Yahoo takes security very seriously and employs rigorous and aggressive measures to help protect our users," the statement says.
[ Read more ]
- Vulnerability: Yahoo Instant Messenger YAUTO.DLL Buffer Overflow Vulnerability (4 December 2003)