McAfee warns Yahoo! Messenger users of webcam exploit
Posted by absorbation on Sat 18 Aug 2007 (19:10 GMT)

The Yahoo! Messenger webcam feature has had security problems in the past resulting in a minor security update. This week a similar issue has been noted by McAfee warning Yahoo! Messenger users of a possible exploit:

It seems like a classic heap overflow which can be triggered when the victim accepts a webcam invite. Note that this vulnerability is different from the recently patched one in June which exploited the Yahoo! Webcam ActiveX controls.

We've been able to reach Yahoo! security team and have informed them about this issue.

We recommend the following to users using Yahoo! Messenger Webcam:

  1. Don't accept webcam invites from untrusted sources until a patch for this is released.
  2. It's advisable to block outgoing traffic on TCP port 5100 until the vendor patches this vulnerability.


Although there are no known cases of this security hole being misused, I can't help but feel McAfee have made the situation worse by making the details public. Then again you could argue I am at fault for doing the same. If you are a Yahoo! Messenger user be careful accepting webcam invites until the issue is fixed.

>> View the post at avertlabs

0 comments | 15 trackbacks | Permalink | 1370 views | 252 words


Tags: McAfee  Webcam  Yahoo!  

Did you like this news post? You can get all the latest articles at msgstuff.com in your email inbox each morning by entering your email address below. Your address will only be used for mailing you the articles, and each one will include a link so you can unsubscribe at any time. If you have an RSS reader, I recommend you subscribe to the Full RSS Feed

Comments:



Add Comment:

Your Name
Your Email Address
(Never Displayed)
Your Website
Message



Type the value in the image above
Notify me of further comments