Security flaw found in Yahoo Messenger

Thursday, 4 December 2003, 11:57 AM EST

Security researchers are warning of a security hole in Yahoo's Messenger that could allow attackers to run their own code on computers using the instant messaging program.

The buffer overrun vulnerability was discovered by researcher Tri Huynh in a file named "yauto.dll," which is an ActiveX component of Yahoo Messenger software versions up to 5.6.0.1347, according to a security alert released Wednesday by Secunia of Copenhagen, Denmark.

The company was notified via e-mail about the hole one month ago, but did not respond, Secunia said.

Yahoo issued a statement Wednesday saying that the company only learned of the vulnerability Tuesday evening, after it was posted on public Internet bulletin boards, and is working to verify the report and develop a patch for Messenger.

"Yahoo takes security very seriously and employs rigorous and aggressive measures to help protect our users," the statement says.

[ Read more ]

Related items




Spotlight

How GitHub is redefining software development

Posted on 26 January 2015.  |  The security industry is slowly realizing what the developer community knew for years - collaboration is the key to and likely the future of innovation.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Thu, Jan 29th
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //