It seems like a classic heap overflow which can be triggered when the victim accepts a webcam invite. Note that this vulnerability is different from the recently patched one in June which exploited the Yahoo! Webcam ActiveX controls.
We've been able to reach Yahoo! security team and have informed them about this issue.
We recommend the following to users using Yahoo! Messenger Webcam:
- Don't accept webcam invites from untrusted sources until a patch for this is released.
- It's advisable to block outgoing traffic on TCP port 5100 until the vendor patches this vulnerability.
Although there are no known cases of this security hole being misused, I can't help but feel McAfee have made the situation worse by making the details public. Then again you could argue I am at fault for doing the same. If you are a Yahoo! Messenger user be careful accepting webcam invites until the issue is fixed.
View the post at avertlabs
Did you like this news post?
You can get all the latest articles at msgstuff.com in your email inbox each morning by entering your email address below.
Your address will only be used for mailing you the articles, and each one will include a link so you can unsubscribe at any time.
If you have an RSS reader, I recommend you subscribe to the Full RSS Feed 
Messenger Stuff
Similar Posts
Add Comment: