Press CTRL-D to bookmark us
Welcome Guest Login / Register / Members
Search in  
Top Submit newsSubscribe
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
 

 Sponsored links

Want to become one of our authors and see your work published on ALLSeek.iNFO ?
 
 Yahoo! Messenger YAUTO.DLL ActiveX Buffer Overflow Lets Remote Users Execute Arbitrary Code
Categorie: Vulnerability
Posted: 2003-12-04 by ReCall
Views: 451
Source: Click here
 		Current Rating: Not rated
Poor Best
 Details
Description: Tri Huynh from SentryUnion reported a buffer overflow in Yahoo! Messenger in the 'YAUTO.DLL' ActiveX component. A remote user can execute arbitrary code on the target system.

It is reported that a remote user can create HTML that, when loaded by the target user, will cause an arbitrary executable to be downloaded to the target user's computer and silently executed.

The report indicates that YAUTO.DLL is registered under a ProgID called "YAuto.NSAuto.1" and contains a buffer overflow in the Open() function. A remote user can pass a specially crafted URL to trigger the overflow and execute arbitrary code.

Impact: A remote user can execute arbitrary code on the target system with the privileges of the target
user.

Solution: No solution was available at the time of this entry.


The author of the report indicates that, as a workaround, you can delete the YAUTO.DLL file in your Yahoo! Messenger directory.
 
Syndication
Permalink Email this

The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=582

User comments (post your comments here)

Only registerd members can post comments and articles
 
Previous articleBack to news listNext article
 


InterJOB.su
Bookmark us | Set As Homepage | Advertising | Contact Us | Recomend us | Link us | Links | Terms

SpyLOG Page Rank Checker
LAST QUERIES