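The AudioConf audio conferencing ActiveX control contains a buffer overflow vulnerability. Affected versions include Yahoo! Messenger 8.x.

This vulnerability lets a remote attacker carry out a buffer overflow attack using 'socksHostname' and 'hostname' with the createAndJoinConference() call.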

ZDI-07-012: Yahoo! Messenger AudioConf ActiveX Control Buffer Overflow

Apr 03 2007 08:22PM

zdi-disclosures 3com com

http://www.zerodayinitiative.com/advisories/ZDI-07-012.html

April 3, 2007

 

-- CVE ID:

CVE-2007-1680

 

-- Affected Vendor:

Yahoo!

 

-- Affected Products:

Yahoo! Messenger 8.x

 

-- TippingPoint(TM) IPS Customer Protection:

TippingPoint IPS customers have been protected against this vulnerability since November 10, 2006 by Digital Vaccine protection filter ID 4791. For further product information on the TippingPoint IPS:

 

http://www.tippingpoint.com

 

-- Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Yahoo Messenger. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

 

The specific flaw exists within the ActiveX control Yahoo.AudioConf:

 

DLL: yacscom.dll

CLSID: 85A4A99C-8C3D-499E-A386-E0743DFF8FB7

 

When large values are specified for the 'socksHostname' and 'hostname' properties, and the createAndJoinConference() method is called, a stack overflow occurs. Exploitation can result in code execution under the context of the current user.

 

-- Vendor Response:

Yahoo has issued an update to correct this vulnerability. More details can be found at:

 

http://messenger.yahoo.com/security_update.php?id=031207

Security Updates

Yahoo! ActiveX Audio Conferencing Update

Posted 2007-04-02

Do I need to update Yahoo! Messenger to the new version?

Yes, if you are using a version of the All New Yahoo! Messenger obtained before March 13, 2007 on a Windows PC.

How do I get the Security Update?

You can download the latest version of Yahoo! Messenger from http://messenger.yahoo.com.

What is the security issue?

Yahoo! recently identified a security issue, commonly referred to as a buffer overflow in an ActiveX control. This control is part of the Yahoo! Messenger audio conferencing code.

Which organization informed Yahoo!?

Yahoo! has relationships with third-party security organizations and researchers. Yahoo! was informed of this particular issue from TippingPoint and the Zero Day Initiative.

What is the potential impact?

Some impacts of a buffer overflow might include being involuntarily logged out of a Chat and/or Instant Messaging session, the crash of an application such as Internet Explorer, and in some instances, the introduction of executable code. For this specific security issue, these impacts could only be possible if an attacker is successful in prompting someone to view malicious HTML code, most likely executed by getting a person to visit their web page.

Who is affected?

Yahoo! Messenger users who inadvertently view malicious HTML code on an attacker's website. If your computer has installed Yahoo! Messenger before March 13, 2007, you should install the update.

Why do I have to install the update?

Installing the update helps protect against exploits of this issue that may be developed.

How long will it take?

The update should take no more than a couple minutes, although the exact time depends on the speed of your Internet connection.

What if I don't install the update?

When you sign into Yahoo! Messenger, you will be prompted to update. Yahoo! will be notifying users worldwide through these prompts over the next several weeks. If you choose not to update and you have not updated via this page or at messenger.yahoo.com, the vulnerability will still exist.

I'm a technical user. What is the CLSID and exact version of the control that contains the fix?

The CLSID is 2B323CD9-50E3-11D3-9466-00A0C9700498 and the version is 1.0.0.48.
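
A host audit built from the identifiers above, as an added example that is not part of the advisory, Yahoo!'s FAQ or the original post. It resolves each CLSID to its registered DLL, compares the file version with 1.0.0.48, and reports where the Internet Explorer kill bit is set (Compatibility Flags 0x400, a standard Windows mechanism the page does not mention). The function and property names are hypothetical.

```powershell
# Added example: audit one Windows host for the AudioConf ActiveX control.
# CLSIDs and the fixed version are taken from the page; the registry
# locations are the standard COM and Internet Explorer kill-bit keys.
$Clsids = @(
    '{85A4A99C-8C3D-499E-A386-E0743DFF8FB7}',  # CLSID given in the ZDI advisory
    '{2B323CD9-50E3-11D3-9466-00A0C9700498}'   # CLSID given in the Yahoo! FAQ
)
$FixedVersion = [version]'1.0.0.48'   # the FAQ pairs this with its CLSID; applying
                                      # it to both CLSIDs is an assumption here
$KillBit = 0x400                      # "Compatibility Flags" bit that blocks IE loading

function Get-AudioConfStatus {
    param([Parameter(Mandatory)][string]$Clsid)

    # Machine-wide view plus the 32-bit view on 64-bit Windows (HKCU is not covered).
    $softwareRoots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'
    $dll = $null
    $killViews = @()
    foreach ($root in $softwareRoots) {
        $comKey = "$root\Classes\CLSID\$Clsid\InprocServer32"
        if (-not $dll -and (Test-Path -LiteralPath $comKey)) {
            # The key's default value is the path of the DLL implementing the control.
            $dll = ([string](Get-Item -LiteralPath $comKey).GetValue('')).Trim('"')
        }
        $killKey = "$root\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
        if (Test-Path -LiteralPath $killKey) {
            $flags = [int](Get-Item -LiteralPath $killKey).GetValue('Compatibility Flags', 0)
            if (($flags -band $KillBit) -ne 0) { $killViews += $root }
        }
    }
    $fileVersion = $null
    if ($dll -and (Test-Path -LiteralPath $dll)) {
        # Build the version from its numeric parts; the FileVersion string is free-form.
        $vi = (Get-Item -LiteralPath $dll).VersionInfo
        $fileVersion = New-Object System.Version -ArgumentList `
            $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
    }
    [pscustomobject]@{
        Clsid          = $Clsid
        DllPath        = $dll
        FileVersion    = $fileVersion
        AtFixedVersion = [bool]($fileVersion -and $fileVersion -ge $FixedVersion)
        KillBitSetIn   = $killViews -join ', '
    }
}

$Clsids | ForEach-Object { Get-AudioConfStatus -Clsid $_ } | Format-List
```

An empty DllPath means the CLSID is not registered machine-wide on that host; a registered control with AtFixedVersion False and an empty KillBitSetIn is the case to update.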

Posted by ivan0914 (I'n Blog 之萬象真藏) on PIXNET