Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - Yahoo Messenger critical update InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Yahoo Messenger critical update

Published: 2006-12-15
Last Updated: 2006-12-15 18:17:07 UTC
by Jim Clausing (Version: 1)
0 comment(s)
Last Friday, Yahoo published a security bulletin with respect to Yahoo Messenger in all versions prior to 2 Nov 2006 on Windows.  A buffer overflow in an ActiveX component allows for remote code execution.  Earlier today, a Secunia bulletin was also published rating this vulnerability as 'highly critical'.  Users of Yahoo Messenger are urged to update to the latest version immediately.  According to the Yahoo bulletin the CLSID that contains the fix is  AA218328-0EA8-4D70-8972-E987A9190FF4 versions 2005.1.1.4 or above

Yahoo bulletin: http://messenger.yahoo.com/security_update.php?id=120806
Secunia bulletin: http://secunia.com/advisories/23401/
Update: http://messenger.yahoo.com/
Keywords:
0 comment(s)
Diary Archives