
Yahoo Messenger web chat flaw emerges

by Shaun Nichols

16 Aug 2007


A new vulnerability in Yahoo Messenger has been uncovered in the web chat component of the instant messaging application.

A memory error known as a 'heap overflow' can be triggered when a user accepts a specially crafted web chat invitation from the attacker, according to security firm McAfee.

It is not yet known whether an attacker would then be able to remotely execute code or cause a denial of service.

"Once the condition is induced, it depends on what your exploit code can do," Dave Marcus, senior security strategist at McAfee, told vnunet.com.

McAfee said that the vulnerability was first spotted on a Chinese-language security board. The company then tested and verified the code, and passed it on to Yahoo.

Yahoo has yet to verify the flaw as a zero-day vulnerability, but McAfee said that it is definitely not related to the ActiveX flaw reported in June.

Marcus noted that no exploit code has yet been written to take advantage of the vulnerability, and there are no reports of the vulnerability being targeted by active attacks.

McAfee recommends that Yahoo Messenger users avoid accepting web chat invitations from unknown sources, regardless of whether they have a webcam installed or not.

No other applications are believed to be affected by the vulnerability.
