June 11th, 2007 
admin 
Secunia has issued an extremely critical warning (it’s highest warning) for Yahoo Messenger. Both of these exploits compromise components of the webcam Active X controls. And both cause buffer overflows which then allows the malicious person to execute arbitrary code on the victim’s machines. Yahoo has issued a bulletin highlighting the issue.
The two vulnerabilities are:
“1) A boundary error within the Yahoo! Webcam Upload (ywcupl.dll) ActiveX control can be exploited to cause a stack-based buffer overflow by assigning an overly long string to the “Server” property and then calling the “Send()” method.
2) A boundary error within the Yahoo! Webcam Viewer (ywcvwr.dll) ActiveX control can be exploited to cause a stack-based buffer overflow by assigning an overly long string to the “Server” property and then calling the “Receive()” method.”
Download the new version of Yahoo Messenger to solve the problem.
Source: Secunia
Posted in 
