Multiple Vulnerabilities in Yahoo! Messenger

Reported June 5, 2002, by CERT.

VERSIONS AFFECTED

· Yahoo! Messenger 5, 0, 0, 1064 and earlier for Microsoft Windows

DESCRIPTION

Multiple vulnerabilities exist in Yahoo! Messenger that can lead to remote compromise of the affected system. The first vulnerability is a buffer overflow in the Messenger handler for the "ymsgr:" Uniform Resource Identifier (URI). The second vulnerability is in the Yahoo! Messenger "addview" function, which lets an attacker execute arbitrary script and HTML in the Internet security zone of the local machine.

VENDOR RESPONSE

The vendor, Yahoo!, recommends that affected users upgrade to version 5, 0, 0, 1065 or a later version.

CREDIT

Discovered by Scott Woodward, Phuong Nguyen, and Adam Lang.
