Security flaw found in Yahoo Messenger

Thursday, 4 December 2003, 11:57 AM EST

Security researchers are warning of a security hole in Yahoo's Messenger that could allow attackers to run their own code on computers using the instant messaging program.

The buffer overrun vulnerability was discovered by researcher Tri Huynh in a file named "yauto.dll," which is an ActiveX component of Yahoo Messenger software versions up to 5.6.0.1347, according to a security alert released Wednesday by Secunia of Copenhagen, Denmark.

The company was notified via e-mail about the hole one month ago, but did not respond, Secunia said.

Yahoo issued a statement Wednesday saying that the company only learned of the vulnerability Tuesday evening, after it was posted on public Internet bulletin boards, and is working to verify the report and develop a patch for Messenger.

"Yahoo takes security very seriously and employs rigorous and aggressive measures to help protect our users," the statement says.

[ Read more ]

Related items




Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //