Yahoo! has patched holes in its instant messenger (YIM)
application after a Vietnamese researcher found security vulnerabilities
that allowed unauthorized execution of programs on a user's PC via buffer
overflows or Java or Visual Basic script execution.
In an advisory, researcher Phuong Nguyen said the holes allowed
unauthorized script execution through the YIM content tabs. "The net impact
is to allow a relatively simple opportunity to hijack users' YIM client
outright, and use it to attack or intrude into YIM users' supposedly private
information systems," Nguyen said.
The researcher said Yahoo! was informed of the vulnerability and issued a repaired
version of the popular text-based chat tool.
The Yahoo IM fix comes on the heels of a similar problem which cropped up for competitor Microsoft's
instant messenger product.
The Yahoo! IM alert, which was publicized after the company released a
repaired version of the instant messenger, described two vulnerabilities in
the client. The research firm found a buffer overrun which enabled any URL
beginning with "ymsgr:" to execute "ypager.exe" code. Once "ypager.exe" was
called, the IM client crashed and unauthorized code could be deployed if
Yahoo IM was running on a browser.
"If we input a string that has more than 260 bytes we will crash YIM; 264
bytes will overwrite the EBP register; four (4) more bytes will overwrite
the EIP register. In total, 268 bytes are needed to cause a buffer
overflow," according to the alert.
"With no proper bounds checking in the ymsgr protocol, attackers can
overflow the YIM function calls 'call', 'sendim', 'getimv', 'chat',
'addview', 'addfriend' tags," the firm said.
It said Yahoo! removed some functionality from the repaired IM client,
including the "addview" function, which enabled the instant messenger to view
Web content on its own.
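The bounds check the alert says was missing can be sketched as follows. This is an added example, not code from Yahoo! or from the advisory; the function name, the "ymsgr:<command>?<argument>" layout and the 260-byte destination buffer are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ARG_BUF 260 /* assumed buffer size, from the advisory's 260-byte figure */

enum parse_status { PARSE_OK, ERR_ARGS, ERR_SCHEME, ERR_COMMAND, ERR_TOO_LONG };

/* Commands named in the advisory; "addview" is omitted because the article
 * says that function was removed from the repaired client. */
static const char *const allowed[] = { "call", "sendim", "getimv", "chat", "addfriend" };

/* Hypothetical handler for "ymsgr:<command>?<argument>" (assumed layout).
 * Copies the argument into out only if it fits, terminator included. */
enum parse_status parse_ymsgr(const char *uri, char *out, size_t out_cap)
{
    static const char scheme[] = "ymsgr:";
    const size_t slen = sizeof scheme - 1;

    if (uri == NULL || out == NULL || out_cap == 0) return ERR_ARGS;
    if (strncmp(uri, scheme, slen) != 0) return ERR_SCHEME;

    const char *cmd = uri + slen;
    const char *q = strchr(cmd, '?');
    size_t cmd_len = q ? (size_t)(q - cmd) : strlen(cmd);
    const char *arg = q ? q + 1 : "";

    int known = 0;
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strlen(allowed[i]) == cmd_len && memcmp(cmd, allowed[i], cmd_len) == 0)
            known = 1;
    if (!known) return ERR_COMMAND;

    /* Length is checked before any copy: an oversized argument is refused,
     * never truncated silently or written past the end of the destination. */
    size_t arg_len = strlen(arg);
    if (arg_len >= out_cap) return ERR_TOO_LONG;
    memcpy(out, arg, arg_len + 1);
    return PARSE_OK;
}

int main(void)
{
    char out[ARG_BUF], uri[512] = "ymsgr:sendim?"; /* constructed sample input */
    memset(uri + strlen(uri), 'A', 268);           /* 268-byte argument */
    printf("short: %d\n", parse_ymsgr("ymsgr:sendim?alice", out, sizeof out));
    printf("oversized: %d\n", parse_ymsgr(uri, out, sizeof out));
    return 0;
}
```

With a 260-byte destination, the longest argument accepted is 259 bytes plus the terminator, so the 264- and 268-byte inputs quoted in the alert are rejected before any copy takes place.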