Security Bugs Squashed in Yahoo IM

Published by: jack 2010-03-19

Yahoo! has patched holes in its instant messenger (YIM) application after a Vietnamese researcher found security vulnerabilities that allowed unauthorized execution of programs on a user's PC via buffer overflows or Java or Visual Basic script execution.

In an advisory, researcher Phuong Nguyen said the holes allowed unauthorized script execution through the YIM content tabs. "The net impact is to allow a relatively simple opportunity to hijack users' YIM client outright, and use it to attack or intrude into YIM users' supposedly private information systems," Nguyen said.

The researcher said Yahoo! was informed of the vulnerability and issued a repaired version of the popular text-based chat tool.

The Yahoo IM fix comes on the heels of a similar problem which cropped up for competitor Microsoft's instant messenger product.

The Yahoo! IM alert, which was publicized after the company released a repaired version of the instant messenger, described two vulnerabilities in the client. The research firm found a buffer overrun which enabled any URL beginning with "ymsgr:" to execute "ypager.exe" code. Once "ypager.exe" was called, the IM client crashed and unauthorized code could be deployed if Yahoo IM was running in a browser.

"If we input a string that has more than 260 bytes we will crash YIM; 264 bytes will overwrite the EBP register; four (4) more bytes will overwrite the EIP register. In total, 268 bytes are needed to cause a buffer overflow," according to the alert.

"With no proper bounds checking in the ymsgr protocol, attackers can overflow the YIM function calls 'call', 'sendim', 'getimv', 'chat', 'addview', 'addfriend' tags," the firm said.

It said Yahoo! removed some functionality from the repaired IM client, including the "addview" function, which enabled the instant messenger to view Web content on its own.
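The bounds check the alert says was missing can be sketched as follows. This is an added example, not Yahoo!'s code or code from the advisory: the `ymsgr:<command>?<argument>` layout and the names `parse_ymsgr`, `try_len` and `ARG_BUF` are assumptions made for illustration, while the 260-byte figure and the tag names come from the alert quoted above.

```c
#include <stdio.h>
#include <string.h>

#define ARG_BUF 260  /* buffer size implied by the alert's figures */
enum parse_status { PARSE_OK, ERR_SCHEME, ERR_COMMAND, ERR_TOO_LONG };

/* Tags the alert names as reachable through ymsgr: URLs. */
static const char *const known_cmds[] = {
    "call", "sendim", "getimv", "chat", "addview", "addfriend" };

/* Assumed layout (not stated on the page): ymsgr:<command>?<argument> */
enum parse_status parse_ymsgr(const char *uri, char cmd[16], char arg[ARG_BUF])
{
    const char *p, *q;
    size_t cmd_len, arg_len, i;
    int known = 0;
    if (strncmp(uri, "ymsgr:", 6) != 0) return ERR_SCHEME;
    p = uri + 6;
    q = strchr(p, '?');
    cmd_len = q ? (size_t)(q - p) : strlen(p);
    for (i = 0; i < sizeof known_cmds / sizeof known_cmds[0]; i++)
        if (strlen(known_cmds[i]) == cmd_len && !memcmp(p, known_cmds[i], cmd_len))
            known = 1;
    if (!known) return ERR_COMMAND;  /* allowlist also bounds cmd_len to 9 */
    /* Measure before copying. Per the alert, an unchecked copy lets input
       past 260 bytes reach the saved EBP and then EIP. */
    arg_len = q ? strlen(q + 1) : 0;
    if (arg_len >= ARG_BUF) return ERR_TOO_LONG;
    memcpy(cmd, p, cmd_len);
    cmd[cmd_len] = '\0';
    if (arg_len) memcpy(arg, q + 1, arg_len);
    arg[arg_len] = '\0';
    return PARSE_OK;
}

/* Constructed input: "ymsgr:sendim?" followed by n filler bytes. */
enum parse_status try_len(size_t n)
{
    char uri[512] = "ymsgr:sendim?", cmd[16], arg[ARG_BUF];
    if (n > 400) return ERR_TOO_LONG;
    memset(uri + 13, 'x', n);  /* the rest of uri is already zero-filled */
    return parse_ymsgr(uri, cmd, arg);
}

int main(void)
{
    printf("259 -> %d, 260 -> %d, 268 -> %d\n",
           try_len(259), try_len(260), try_len(268));
    return 0;
}
```

An argument of 259 bytes plus its terminator fills the buffer exactly; anything longer is rejected before any copy takes place.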