eWEEK has reported multiple vulnerabilities in Yahoo Messenger that hackers can use to remotely execute code.
“Upon learning of the issue, we began working on a fix,” Yahoo! spokesperson Terrell Karlsten tells eWEEK. She declined further comment until she had more details.
A Yahoo! spokesperson confirmed the company is looking into a buffer overflow issue in an ActiveX control. The company also said the vulnerabilities, which have been rated “high” by eEye Digital Security, were reported to Yahoo! on June 5 but are not known to have been exploited. Version 8.x of the Yahoo! instant messaging (IM) client is at risk.
In addition, officials from security research firm Secunia say a boundary error within the Yahoo! Webcam Upload (ywcupl.dll) ActiveX control can be exploited to cause a stack-based buffer overflow by assigning an overly long string to the ‘Server’ property and then calling the ‘Send()’ or ‘Receive()’ method.
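The bug class Secunia describes, modeled as an added example (not code from ywcupl.dll or from the original article): a string property that accepts any length and is later copied into a fixed stack buffer, shown next to a length-checked version. The struct, the function names and the 64-byte buffer size are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HOST_MAX 64   /* assumed size of the method's stack buffer */

/* Hypothetical stand-in for the control: the property holds a caller-supplied string. */
struct control { char *server; };

/* Property setter: stores a string of any length, as a script-settable property would. */
int set_server(struct control *c, const char *value) {
    char *copy = malloc(strlen(value) + 1);
    if (!copy) return -1;
    strcpy(copy, value);              /* safe: copy was sized from value */
    free(c->server);
    c->server = copy;
    return 0;
}

/* Unsafe pattern: the method copies the property into a fixed stack buffer unchecked. */
int send_unchecked(const struct control *c) {
    char host[HOST_MAX];
    strcpy(host, c->server);          /* writes past host[] when the property is >= HOST_MAX bytes */
    return (int)strlen(host);
}

/* Hardened pattern: check the length first and fail closed instead of truncating. */
int send_checked(const struct control *c) {
    char host[HOST_MAX];
    if (c->server == NULL) return -1;
    size_t n = strlen(c->server);
    if (n >= sizeof host) return -1;  /* oversized property value is rejected */
    memcpy(host, c->server, n + 1);   /* n + 1 includes the terminating NUL */
    return (int)strlen(host);
}

int main(void) {
    struct control c = {0};
    char longname[300];               /* constructed oversized input */
    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';
    set_server(&c, "webcam.example.test");
    printf("normal:    %d\n", send_checked(&c));   /* length of the host name */
    set_server(&c, longname);
    printf("oversized: %d\n", send_checked(&c));   /* rejected */
    free(c.server);
    return 0;
}
```

Only `send_checked` is exercised with the oversized value; `send_unchecked` is kept to show the missing bounds check.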
A study by Akonix Systems in San Diego (May 2007), a provider of instant messaging security and compliance products, uncovered 170 IM threats—an increase of 73 percent when compared to the number the company found between January and May of 2006.
What is ActiveX?
According to Wikipedia, ActiveX is a Microsoft technology used for developing reusable object-oriented software components. ActiveX is an alternate name for OLE Automation, not a separate technology, as is incorrectly assumed by many. While the term “Automation” refers to the overall technology, “ActiveX” refers to the objects that can be created and manipulated using Automation.
Due to the popularity of Internet Explorer and Visual Basic in the late 1990s, many people incorrectly assume that all of ActiveX is related to ActiveX controls. An ActiveX control is a special type of ActiveX object that is designed to be used similarly to a plugin. The most common use of ActiveX controls is to build plugins for Internet Explorer.