Reported December 3, 2003, by Tri Huynh.
- Yahoo Messenger 188.8.131.527 and earlier
A vulnerability in Yahoo Messenger can result in the execution of arbitrary code on the vulnerable system. Yahoo Messenger's yauto.dll ActiveX/COM component is registered under a ProgID called YAuto.NSAuto.1. Inside this component, a function named Open(String URL) can cause a buffer overflow if an attacker sends a long stream of data in the form of a URL. Because yauto.dll is an ActiveX component, the attacker can exploit the vulnerability simply by creating a Web site with the correct ActiveX class ID (CLSID) and calling the function directly.
Yahoo has been notified.
Discovered by Tri Huynh.