Security flaw found in Yahoo Messenger

Thursday, 4 December 2003, 11:57 AM EST

Security researchers are warning of a security hole in Yahoo's Messenger that could allow attackers to run their own code on computers using the instant messaging program.

The buffer overrun vulnerability was discovered by researcher Tri Huynh in a file named "yauto.dll," which is an ActiveX component of Yahoo Messenger software versions up to 5.6.0.1347, according to a security alert released Wednesday by Secunia of Copenhagen, Denmark.

The company was notified via e-mail about the hole one month ago, but did not respond, Secunia said.

Yahoo issued a statement Wednesday saying that the company only learned of the vulnerability Tuesday evening, after it was posted on public Internet bulletin boards, and is working to verify the report and develop a patch for Messenger.

"Yahoo takes security very seriously and employs rigorous and aggressive measures to help protect our users," the statement says.

[ Read more ]

Related items




Spotlight

51% of consumers share passwords

Posted on 20 August 2014.  |  The research revealed that consumers are not only sharing passwords but also potentially putting their personal and sensitive information at risk by leaving themselves logged in to applications on their mobile devices, with over half of those using social media applications and email admitting that they leave themselves logged in on their mobile device.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Aug 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //