Yahoo! Messenger v11.5 – Buffer Overflow Vulnerability
Yahoo! Messenger v11.5 – Buffer Overflow Vulnerability
Severity: High Risk: High
Area of Impact: Drag & Drop – Message Box
Details of the Vulnerability:
Image via Wikipedia
A Buffer Overflow vulnerability has been detected on Yahoo Instant Messenger v11.5 client software.
The bug is located on the drag & drop message box function of the software when processing special crafted file transfers.
The vulnerability allows an local attacker to crash the software & all bound yahoo components.Thus creating the buffer overflow
Proof of Concept: Testing purposes only!!
This vulnerability can be exploited by security enthusiasts. More details can be found here:
http://www.vulnerability-lab.com/get_content.php?id=432 ****The information provided in this advisory is provided as it is without any warranty.
Hack in Progress: Watch the vulnerability in action
No report from Yahoo as of yet. We will keep you posted on all the details.
Also on NSIT:
- Cisco Security Appliances at risk from Telnet bug (netsecurityit.wordpress.com)
- Yahoo! Messenger v11.5 – Buffer Overflow Vulnerability (netsecurityit.wordpress.com)
Let's hear what you have to say.