[sec-adv] Yahoo! Chat and Messenger Stack and Heap Overflows

From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Wed Sep 17 2003 - 11:52:38 CDT


TITLE:
Yahoo! Chat and Messenger Stack and Heap Overflows

SECUNIA ADVISORY ID:
SA9760

VERIFY ADVISORY:
http://www.secunia.com/advisories/9760/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Yahoo! Chat
Yahoo! Messenger

DESCRIPTION:
Two vulnerabilities have been identified in Yahoo! Chat and Messenger
that may allow malicious people to execute arbitrary code via a
specially crafted HTML document.

The problem is that the "TargetName" parameter isn't properly
verified in the Yahoo! Webcam Viewer Wrapper ActiveX control. This can
be exploited to cause both a stack-based and a heap-based overflow,
which may lead to execution of arbitrary code.

Another problem has been identified in the handling of the "AppId"
parameter in the YInstStarter ActiveX control. This may be exploited
to cause a heap-based overflow, which may lead to execution of
arbitrary code.
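
The following C program is an added illustration of the bug class the
two paragraphs above describe; it is not Yahoo!'s code and not part of
the Secunia advisory. It models an ActiveX property setter that copies a
caller-controlled string (the "TargetName" or "AppId" value a web page
can supply) into a fixed-size buffer, first in the unbounded form that
overruns adjacent stack or heap memory, then in a hardened form that
bounds the length before copying. The buffer size NAME_MAX_LEN, the
viewer_t layout, the canary field and every function name are
assumptions chosen for the example; the real controls' internals are
not public.

```c
/* Added example: a model of an unbounded-copy property setter and its
 * hardened counterpart. Sizes, names and layout are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_MAX_LEN 32          /* assumed capacity; the real size is unknown */
#define CANARY_OK    0xC0FFEEu   /* stands in for state that must not be clobbered */

/* Length of s, but never looks further than cap bytes (portable strnlen). */
static size_t bounded_len(const char *s, size_t cap)
{
    size_t n = 0;
    while (n < cap && s[n] != '\0')
        n++;
    return n;
}

/* Stack/struct variant: a fixed buffer followed by state an over-long
 * "TargetName" overwrites (the stack-based overflow). */
typedef struct {
    char name[NAME_MAX_LEN];
    unsigned int canary;
} viewer_t;

/* Vulnerable pattern: unbounded strcpy from an untrusted COM property. */
int viewer_set_target_unsafe(viewer_t *v, const char *name)
{
    strcpy(v->name, name);       /* no bound: writes past name[] when too long */
    return 0;
}

/* Hardened setter: measure with a cap, reject values that do not fit
 * (leaving the object untouched), then copy only the verified bytes.
 * Returns 0 on success, -1 where a real COM method would return E_INVALIDARG. */
int viewer_set_target_safe(viewer_t *v, const char *name)
{
    size_t n = bounded_len(name, NAME_MAX_LEN);
    if (n >= NAME_MAX_LEN)
        return -1;               /* no room for the NUL terminator */
    memcpy(v->name, name, n);
    v->name[n] = '\0';
    return 0;
}

/* Heap variant (the "AppId" style bug): the chunk is sized for the value the
 * control expects, then whatever the caller passed is copied into it. */
char *appid_copy_unsafe(const char *app_id)
{
    char *buf = malloc(NAME_MAX_LEN);
    if (!buf)
        return NULL;
    strcpy(buf, app_id);         /* overruns the heap chunk if app_id is longer */
    return buf;
}

/* Hardened: size the allocation from the input, with an explicit ceiling so
 * an attacker cannot force an oversized allocation either. NULL on rejection. */
char *appid_copy_safe(const char *app_id)
{
    size_t n = bounded_len(app_id, NAME_MAX_LEN);
    if (n >= NAME_MAX_LEN)
        return NULL;
    char *buf = malloc(n + 1);
    if (!buf)
        return NULL;
    memcpy(buf, app_id, n + 1);  /* n < NAME_MAX_LEN, so app_id[n] is the NUL */
    return buf;
}

/* Does a candidate property value fit the assumed buffer (1 = yes, 0 = no)? */
int value_fits(const char *value)
{
    return bounded_len(value, NAME_MAX_LEN) < NAME_MAX_LEN ? 1 : 0;
}

int main(void)
{
    /* Constructed inputs: a plausible room name and a value that is exactly
     * long enough to overwrite the canary without leaving the struct. */
    const char *benign = "lobby";
    char evil[NAME_MAX_LEN + 4];
    memset(evil, 'A', sizeof evil - 1);
    evil[sizeof evil - 1] = '\0';

    viewer_t v = { .canary = CANARY_OK };
    viewer_set_target_unsafe(&v, benign);
    printf("benign, unsafe setter: canary intact = %d\n", v.canary == CANARY_OK);

    viewer_set_target_unsafe(&v, evil);   /* undefined behaviour: demo only */
    printf("evil, unsafe setter:   canary intact = %d\n", v.canary == CANARY_OK);

    viewer_t w = { .canary = CANARY_OK };
    int rc = viewer_set_target_safe(&w, evil);
    printf("evil, safe setter:     rejected = %d, canary intact = %d\n",
           rc == -1, w.canary == CANARY_OK);
    return 0;
}
```

The hardened setters make the same decision the advisory's fix must
make somewhere: the length of a property value is attacker-controlled
and must be checked against the destination before any copy, and a value
that does not fit is rejected rather than truncated silently, so the
caller learns that the input was invalid.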

SOLUTION:
Remove all Yahoo! ActiveX controls and reinstall the software from
Yahoo!.

The following page will try to detect whether you are vulnerable and
upgrade your ActiveX controls:

http://messenger.yahoo.com/messenger/security/

Secunia recommends that you deactivate ActiveX and Active Scripting.
ActiveX and Active Scripting should only be allowed on a site-by-site
basis.

REPORTED BY / CREDITS:
Cesar Cerrudo

ORIGINAL ADVISORY:
http://messenger.yahoo.com/messenger/security/
(Page trying to detect if you need the update)

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145

----------------------------------------------------------------------