Reported December 3, 2003, by Tri Huynh.

 

 

VERSIONS AFFECTED

 

  • Yahoo Messenger 5.6.0.1347 and earlier

 

DESCRIPTION

 

A vulnerability in Yahoo Messenger can result in the execution of arbitrary code on the vulnerable system. Yahoo Messenger's yauto.dll ActiveX/COM component is registered under a ProgID called YAuto.NSAuto.1. Inside this component, a function named Open(String URL) can cause a buffer overflow if an attacker sends a long stream of data in the form of a URL. Because yauto.dll is an ActiveX component, the attacker can exploit the vulnerability simply by creating a Web site with the correct ActiveX class ID (CLSID) and calling the function directly.

 

VENDOR RESPONSE

 

<span style="font-family:Verdana"><a href="http://www.yahoo.com/" style="color: blue; text-decoration: underline; text-underline: single">Yahoo</a> has been notified.</h3>

 

CREDIT

 

Discovered by Tri Huynh.