Jul 26, 2008

Yahoo! Messenger vulnerability


SebaztiaN
Secunia Research has discovered a vulnerability in Yahoo! Messenger, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to a combination of weak default directory permissions and the Audio Setup Wizard (asw.dll) invoking the "ping.exe" utility insecurely during the connection testing phase. This can be exploited to execute arbitrary code with the privileges of another user by placing a malicious "ping.exe" file in the application's "Messenger" directory.

Successful exploitation requires that a user runs the Audio Setup Wizard and that the application has been installed in a non-default location (not as a subdirectory to the "Program Files" directory).

The vulnerability has been confirmed in version 6.0.0.1750 for Windows. Other versions may also be affected.

Solution:
Update to version 6.0.0.1921 or later.
http://messenger.yahoo.com/

Provided and/or discovered by:
Carsten Eiram, Secunia Research.
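
A defensive check for the two conditions the advisory above describes, as an added example that is not part of the original post or of Secunia's advisory: it reports whether an install directory sits outside "Program Files", whether broad non-administrative groups may create files in it, and whether it holds executables named like System32 utilities such as "ping.exe". The default path and the choice of low-privilege SIDs are assumptions made for illustration.

```powershell
# Added example, not from the advisory. Defensive audit of one install directory.
param([string]$InstallDir = 'C:\Apps\Yahoo!\Messenger')  # hypothetical path

# Well-known SIDs of broad, non-administrative groups (locale-independent):
# Everyone, Authenticated Users, BUILTIN\Users, INTERACTIVE. Assumed list.
$LowPrivSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4'

function Test-UnderProgramFiles([string]$Path) {
    $full  = [System.IO.Path]::GetFullPath($Path)
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    foreach ($r in $roots) {
        $prefix = $r.TrimEnd('\') + '\'
        if ($full.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-LowPrivWriteRule([string]$Path) {
    # Allow entries that apply to the directory itself and let the principal
    # create files in it (WriteData on a directory is the CreateFiles right).
    # Deny entries and generic-rights encodings are not evaluated here.
    $create  = [int][System.Security.AccessControl.FileSystemRights]::WriteData
    $inhOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $LowPrivSids -contains $_.IdentityReference.Value -and
            (([int]$_.FileSystemRights) -band $create) -ne 0 -and
            (([int]$_.PropagationFlags) -band $inhOnly) -eq 0
        }
}

function Get-ShadowingExecutable([string]$Path) {
    # Executables in the application directory whose names match a System32 utility.
    $system32 = Join-Path $env:SystemRoot 'System32'
    Get-ChildItem -LiteralPath $Path -Filter '*.exe' -File |
        Where-Object { Test-Path -LiteralPath (Join-Path $system32 $_.Name) } |
        ForEach-Object {
            [pscustomobject]@{
                File      = $_.FullName
                Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                Modified  = $_.LastWriteTime
            }
        }
}

[pscustomobject]@{
    InstallDir        = $InstallDir
    UnderProgramFiles = Test-UnderProgramFiles $InstallDir
    LowPrivWriters    = @(Get-LowPrivWriteRule $InstallDir | ForEach-Object { $_.IdentityReference.Value })
    ShadowingExes     = @(Get-ShadowingExecutable $InstallDir)
} | Format-List
```

A directory that is outside "Program Files" and lists any low-privilege writer matches the precondition in the advisory; the fix stated there is the update to version 6.0.0.1921 or later.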


God
This one too... :D
