Welcome Guest ( Log In | Register)



 
 Reply to this topicStart new topic
> Yahoo! Messenger vulnerability
SebaztiaN
post Feb 18 2005, 09:56 PM
Post #1





Guests
Secunia Research has discovered a vulnerability in Yahoo! Messenger, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to a combination of weak default directory permissions and the Audio Setup Wizard (asw.dll) invoking the "ping.exe" utility insecurely during the connection testing phase. This can be exploited to execute arbitrary code with the privileges of another user by placing a malicious "ping.exe" file in the application's "Messenger" directory.

Successful exploitation requires that a user runs the Audio Setup Wizard and that the application has been installed in a non-default location (not as a subdirectory to the "Program Files" directory).

The vulnerability has been confirmed in version 6.0.0.1750 for Windows. Other versions may also be affected.

Solution:
Update to version 6.0.0.1921 or later.
http://messenger.yahoo.com/

Provided and/or discovered by:
Carsten Eiram, Secunia Research.
(list)

Go to the top of the page
 
+Quote Post
God
post Feb 18 2005, 11:24 PM
Post #2





Guests
This one too... biggrin.gif
(list)

Go to the top of the page
 
+Quote Post
« Next Oldest · Computer Security Issues & Exploits · Next Newest »
 

Reply to this topicStart new topic

Collapse

> Similar Topics

Topics Topics
  1. Virus Alert - Messenger Viruses(7)
  2. Msn Messenger Virus(60)
  3. Warning: Virus Spreading Through Msn Messenger(12)
  4. Yahoo! Mail Warns Me, Please Help(38)
  5. Remote Buffer Overflow Vulnerability In Yahoopops(2)
  6. Indiatimes Messenger 6.0 Buffer Overflow(3)
  7. [exploit] Phpbb <=2.0.12 Vulnerability.(2)
  8. Yahoo! Fake(27)
  9. Shieldsup! Internet Vulnerability Test(17)
  10. New Messenger Virus & Hoaxes!(4)
  11. Email Yahoo Free Accounts Without Pop3 Server?(1)
  12. Microsoft Windows Dhcp Client Service Remote Code Execution Vulnerability(0)
  13. Php Security Vulnerability - Beware From Spammers(1)
  14. Hole In Microsoft Messenger Program Requires A Immediate Update(0)
  15. Virus Thru Msn Messenger(6)


 

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

- Lo-Fi Version Time is now: 7th October 2008 - 08:24 AM
Powered By IP.Board © 2008  IPS, Inc.
Licensed to: Xisto Corporation