Forum Index
Home Forum Radio Memberlist Help Search Quick Links

It appears you have not yet registered with our community which limits what you can do & see. It's Free To register, please click here.



Forum Index » Internet » Security Alerts and vulnerabilities » Yahoo Messenger #2
Register Calendar Gallery Mark Forums Read

Security Alerts and vulnerabilities Lets keep abreast on the latest threats by posting those findings here..

Reply
 
Thread Tools Display Modes
  #1  
Old 02-18-2005, 02:00 PM
Mobo's Avatar
Mobo Mobo is offline
Thinking outside the box
  
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
Send a message via ICQ to Mobo Send a message via AIM to Mobo Send a message via MSN to Mobo Send a message via Yahoo to Mobo Send a message via Skype™ to Mobo
Secunia Research has discovered a vulnerability in Yahoo! Messenger, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to a combination of weak default directory permissions and the Audio Setup Wizard (asw.dll) invoking the "ping.exe" utility insecurely during the connection testing phase. This can be exploited to execute arbitrary code with the privileges of another user by placing a malicious "ping.exe" file in the application's "Messenger" directory.

Successful exploitation requires that a user runs the Audio Setup Wizard and that the application has been installed in a non-default location (not as a subdirectory to the "Program Files" directory).

The vulnerability has been confirmed in version 6.0.0.1750 for Windows. Other versions may also be affected.

Solution:
Update to version 6.0.0.1921 or later.
http://messenger.yahoo.com/
Reply With Quote
Posted


Reply

  • Submit Thread to Digg Digg
  • Submit Thread to del.icio.us del.icio.us
  • Submit Thread to StumbleUpon StumbleUpon
  • Submit Thread to Google Google
    • Bookmarks

    « Previous Thread | Next Thread »
    Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
     
    Thread Tools
    Display Modes
    Linear Mode Linear Mode

    Posting Rules
    You may not post new threads
    You may not post replies
    You may not post attachments
    You may not edit your posts
    BB code is On
    Smilies are On
    [IMG] code is On
    HTML code is Off
    Forum Jump

    Similar Threads
    Thread Thread Starter Forum Replies Last Post
    New IM Worms Hit MSN Messenger Mobo Security Alerts and vulnerabilities 0 03-08-2005 09:05 AM
    Multiple Vulnerabilities in Yahoo Mobo Security Alerts and vulnerabilities 0 02-24-2005 07:45 PM
    Yahoo Messenger Mobo Security Alerts and vulnerabilities 0 02-18-2005 01:59 PM
    Windows Messenger Mobo Software 0 12-17-2004 12:06 AM
    Windows Messenger Mobo Software Update Alerts 0 12-02-2004 05:58 PM



    All times are GMT -5. The time now is 02:09 PM.

    Contact Us - CyberAnswers - Archive - Privacy Statement - Top

    Firefox 2