Tag - McAfee
The Yahoo! Messenger webcam feature has had security problems in the past resulting in a minor security update. This week a similar issue has been noted by McAfee warning Yahoo! Messenger users of a possible exploit:
Although there are no known cases of this security hole being misused, I can't help but feel McAfee have made the situation worse by making the details public. Then again you could argue I am at fault for doing the same. If you are a Yahoo! Messenger user be careful accepting webcam invites until the issue is fixed.
>> View the post at avertlabs
It seems like a classic heap overflow which can be triggered when the victim accepts a webcam invite. Note that this vulnerability is different from the recently patched one in June which exploited the Yahoo! Webcam ActiveX controls.
We've been able to reach Yahoo! security team and have informed them about this issue.
We recommend the following to users using Yahoo! Messenger Webcam:
We've been able to reach Yahoo! security team and have informed them about this issue.
We recommend the following to users using Yahoo! Messenger Webcam:
- Don't accept webcam invites from untrusted sources until a patch for this is released.
- It's advisable to block outgoing traffic on TCP port 5100 until the vendor patches this vulnerability.
Although there are no known cases of this security hole being misused, I can't help but feel McAfee have made the situation worse by making the details public. Then again you could argue I am at fault for doing the same. If you are a Yahoo! Messenger user be careful accepting webcam invites until the issue is fixed.
>> View the post at avertlabs