Critical vulnerabilities fully disclosed.
Two security flaws in the popular
Yahoo! Messenger
communications software have been reported, with full details available online before a fixed version of the product became available.
Initial reports of the flaws, both buffer overflow issues in ActiveX controls used by the software, imply they are simple to exploit, with in-depth descriptions made available via the
Full Disclosure
system. Although as yet there have been no reports of exploit attempts in the wild,
Yahoo!
has rushed out a fixed version and is advising all users to upgrade as soon as possible, with automated upgrades due to take place over the next few weeks.
Yahoo!
‘s details on the flaws, and links to the update, are
here
. The flaws were reported to
Yahoo!
by
eEye Digital Security
, who carry an alert
here
, while a
Secunia
summary, rating the issue ‘Extremely Critical’, the most serious level of alert, is
here
, and a further warning on the
F-Secure
blog is
here
.
Posted on 08 June 2007 by
Virus Bulletin
Leave a Reply