Risks
Vulnerabilities
Browse by
Yahoo Instant Messenger YAUTO.DLL Buffer Overflow Vulnerability
04 December 2003
Bookmark and Share
From: "Tri Huynh" <trihuynh(at)zeeup.com>

PROGRAM: Yahoo Instant Messenger (YIM)
HOMEPAGE: http://messenger.yahoo.com
VULNERABLE VERSIONS: 5.6.0.1347 and below

DESCRIPTION
=================================================

YIM is one of the most popular instant messenger. This is a cool product, that allows me to chat with my gf from a very long distant :-).

DETAILS
=================================================

YAUTO.DLL is an ActiveX/COM component that comes with Yahoo Install Messenger. YAUTO.DLL is registered under a ProgID called "YAuto.NSAuto.1". In this component, there is a function named Open(String Url) that will cause a buffer overflow if argument Url is passed with a long string. Since this is an ActiveX component, the vulnerability can be exploited just by making a website with the correct CLSID of the ActiveX and call the function directly. We have successfully exploited the vulnerability by making a website that can download a trojan and execute it silently.

WORKAROUND
=================================================

Yahoo has been contacted at enterprisesales@yahoo-inc.com (this is the only email that I can find on the Yahoo Messenger Site) but doesn't response after 1 month. The workaround solution is deleting the YAUTO.DLL file in your YIM directory.

CREDITS
=================================================

Discovered by Tri Huynh from SentryUnion

DISLAIMER
=================================================

The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

FEEDBACK
=================================================

Please send suggestions, updates, and comments to: trihuynh@zeeup.com


Spotlight

Whitepaper: Zero Trust approach to network security

Posted on 20 November 2014.  |  Zero Trust is an alternative security model that addresses the shortcomings of failing perimeter-centric strategies by removing the assumption of trust.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Nov 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //