Security flaw found in Yahoo Messenger

Thursday, 4 December 2003, 11:57 AM EST

Security researchers are warning of a security hole in Yahoo's Messenger that could allow attackers to run their own code on computers using the instant messaging program.

The buffer overrun vulnerability was discovered by researcher Tri Huynh in a file named "yauto.dll," which is an ActiveX component of Yahoo Messenger software versions up to 5.6.0.1347, according to a security alert released Wednesday by Secunia of Copenhagen, Denmark.

The company was notified via e-mail about the hole one month ago, but did not respond, Secunia said.

Yahoo issued a statement Wednesday saying that the company only learned of the vulnerability Tuesday evening, after it was posted on public Internet bulletin boards, and is working to verify the report and develop a patch for Messenger.

"Yahoo takes security very seriously and employs rigorous and aggressive measures to help protect our users," the statement says.

[ Read more ]

Related items




Spotlight

How security analytics help identify and manage breaches

Posted on 30 July 2014.  |  Steve Dodson, CTO at Prelert, illustrates the importance of security analytics in today's complex security architectures, talks about the most significant challenges involved in getting usable information from massive data sets, and much more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Jul 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //