Welcome to P2PNET.net - The original daily p2p and digital news site. Always First!
Register | Login
RIAA News
Cool Stuff
MPAA News
Games / Consoles
News
Music
Movies
TV
Open Source
Mobiles
Advertising
Product News
P2P
Off Topic
Freedom
Politics
Interviews
Security
DRM
Links
Kids and Kartels
Search: 
Search
 
Web P2PNET   
   Search: 
Search
Torrent Site Tracker
MP3Rocket
 
Add real-time p2pnet headlines to YOUR site ! Click here to download our newsfeed code

Serious Yahoo Messenger flaw

p2pnet.net news:- More trouble for Yahoo.

Sued for allegedly releasing information which led to Chinese dissidents being jailed, and being eyed suspiciously following an assertion by one of its senior people that the future of the web isn’t about search, now Yahoo Messenger has two extremely critical security holes which could allow hackers to gain control of victims’ systems, says Secunia, going on:

1) A boundary error within the Yahoo! Webcam Upload (ywcupl.dll) ActiveX control can be exploited to cause a stack-based buffer overflow by assigning an overly long string to the “Server” property and then calling the “Send()” method.

2) A boundary error within the Yahoo! Webcam Viewer (ywcvwr.dll) ActiveX control can be exploited to cause a stack-based buffer overflow by assigning an overly long string to the “Server” property and then calling the “Receive()” method.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

The vulnerabilities are confirmed in version 8.1.0.249. Other versions may also be affected.

Solution: Set the kill-bit for the affected ActiveX controls.

Slashdot Slashdot it!

Also See:
jailed – Yahoo in new China dissident lawsuit, March 31, 2007
eyed suspiciously – The Net isn’t about search: Yahoo, June 6, 2007
Secunia – Yahoo! Messenger Two ActiveX Controls Buffer Overflows, June 7, 2007

If your Net access is blocked by government restrictions, try Psiphon from the Citizen Lab at the University of Toronto’s Munk Centre for International Studies. Go here for the official download, and here for details. And if you’re Chinese and you’re looking for a way to access independent Internet news sources, try Freegate, the DIT program written to help Chinese citizens circumvent web site blocking outside of China. Download it here.

rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php | | And use free p2pnet newsfeeds for your site
Tired of being treated like a criminal? They depend on you, not the other way around. Don’t buy their ‘product’. Do bug your local politicians. Use emails, snail-mail, phone calls, faxes, IM, stop them in the street, blog. And if you’re into organizing, organize petitions, organize demonstrations and then turn up on your local political rep’s doorstep, making sure you’ve contacted your local tv/radio station/newspaper in advance. Don’t just complain. Do something!

This entry was posted on Thursday, June 7th, 2007 at 11:15 am and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 8823 times

« previous Online porn teacher reprieved
Intel, Asustek vs OLPC next »

Leave a Reply

Please no Spam, flaming (attacking others), trolling, and posting off-topic. Thanks.

    Advertisements
TekSavvy


Remove Spyware with AntiSpyware for Windows®