Reported December 3, 2003, by Tri Huynh.
- Yahoo Messenger 22.214.171.1247 and earlier
A vulnerability in Yahoo Messenger can result in the execution of arbitrary code on the vulnerable system. Yahoo Messenger's yauto.dll ActiveX/COM component is registered under a ProgID called YAuto.NSAuto.1. Inside this component, a function named Open(String URL) can cause a buffer overflow if an attacker sends a long stream of data in the form of a URL. Because yauto.dll is an ActiveX component, the attacker can exploit the vulnerability simply by creating a Web site with the correct ActiveX class ID (CLSID) and calling the function directly.
<span style="font-family:Verdana"><a href="http://www.yahoo.com/" style="color: blue; text-decoration: underline; text-underline: single">Yahoo</a> has been notified.</h3>
Discovered by Tri Huynh.