
Yahoo Webcam Exploits Emerge



David Utter
Staff Writer
2007-06-07



A pair of zero-day exploits for part of Yahoo's Messenger service can cause arbitrary code execution at the user's level of access.


The high severity of the ActiveX flaws noted by eEye in its Zero-Day Tracker could mean trouble for users of Yahoo Messenger.

"ActiveX remote code execution vulnerabilities have very high impacts since the source of the malicious payload can be any site on the Internet," eEye said in its assessment.

"An even more critical problem is generated when clients are administrators on their local hosts, which would run the malicious payload with Administrator credentials."

Two proof-of-concept exploits have been posted in the archives of the Full-disclosure mailing list maintained by security consulting firm Neohapsis.

Yahoo has not issued a patch for these exploits.

However, eEye's advisory suggested a mitigation strategy: disabling calls to the vulnerable ActiveX controls from web pages.

That suggests the exploits could be of the drive-by variety, affecting people who simply pull up a malicious site in their browsers.

You Really Can't Trust The Media:

The long-time practice of sending spam and malware as an email with a current event-oriented headline comes and goes, but never truly leaves.

F-Secure noted the recent resurgence in this type of spam. SANS Internet Storm Center reported on some real-life headlines showing up in spam.

These messages are accompanied by password-protected Zip archives that contain a Trojan file.

The filenames of these archives make them appear to be from news organizations.

They aren't, of course, but they do require email users to play reporter and exhibit some skepticism when receiving spam of this nature.


---




About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
