Severity: High
Risk: High
Area of Impact: Drag & Drop – Message Box
Details of the Vulnerability:
A buffer overflow vulnerability has been detected in the Yahoo Instant Messenger v11.5 client software.
The bug is located in the drag & drop message box function of the software when processing specially crafted file transfers.
The vulnerability allows a local attacker to crash the software and all bound Yahoo components, thus creating the buffer overflow.
Proof of Concept: Testing purposes only!!
This vulnerability can be exploited by security enthusiasts. More details can be found here:
http://www.vulnerability-lab.com/get_content.php?id=432
The information provided in this advisory is provided as it is without any warranty.
Hack in Progress: Watch the vulnerability in action
No report from Yahoo as of yet. We will keep you posted on all the details.
February 13, 2012