Check Point Advisories

Preemptive Protection against Yahoo! Messenger Webcam ActiveX Control Buffer Overflow Vulnerability

Check Point Reference: CPAI-2007-068
Date Published: 12 Jun 2007
Severity: High
Last Updated: Monday 01 January, 2007
Source: Secunia Advisory: SA25547
Industry Reference: CVE-2007-3147
CVE-2007-3148
US-CERT VU#949817
US-CERT VU#932217
Protection Provided by:
Who is Vulnerable? Yahoo! Messenger 8.1.0.249 and prior
Vulnerability Description: Multiple stack buffer overflow vulnerabilities have been reported in Yahoo! Messenger, a popular instant messaging application. By persuading a user to visit a specially crafted web page, a remote attacker could trigger these vulnerabilities to execute arbitrary code on an affected system.
Update/Patch Available: Update to the latest version of Yahoo! Messenger:
http://messenger.yahoo.com/
Vulnerability Details: The vulnerabilities are due to boundary errors in the Yahoo! Messenger Webcam ActiveX control components. To trigger these vulnerabilities, an attacker can create a malicious web page that initiates the vulnerable ActiveX controls. Successful exploitation may allow an attacker to create a denial of service condition (by causing the victim's browser to crash) or execute arbitrary code on an affected server.

Protection Overview
