[ news_security_news ]
(Another) Update For Yahoo Messenger
Doug Caverly
Staff Writer
2007-08-31
 Insider Reports RSS Feed
Last week, a Yahoo Messenger security update was issued; this update fixed a pretty serious flaw. Now Yahoo's at it again, and it's the same piece of software that's in trouble.
 | | (Another) Update For Yahoo Messenger |  |
From the horse's mouth: "Yahoo! recently identified a security issue, commonly referred to as a buffer overflow in an ActiveX control. This control is part of the Yahoo! services suite typically downloaded with the installer for Yahoo! Messenger."
Yahoo's official Security Update later continues, "Some impacts of a buffer overflow might include involuntary log out of a Yahoo! Chat and/or Yahoo! Messenger session, the crash of an application such as Internet Explorer, and in some instances, the introduction of executable code. In this case, these problems could only happen if an attacker successfully lured the Yahoo! Messenger user to view malicious HTML code, most likely by getting a person to visit the attacker's web page."
Users of Yahoo Messenger would be well advised to download the patch as soon as possible, then, and in the meantime, be more careful than usual.
Still, a small measure of comfort may be taken in the fact that, to the best of Yahoo's knowledge, "there have been no known malicious executable code exploits related to this issue." Also, Yahoo says that the Messenger update is rather small in terms of download time.
Hat tip to ZDNet's Ryan Naraine.
About the Author:
Doug is a staff writer for SecurityProNews, InternetFinancialNews, SearchNewz, and WebProNews.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
