Jun 12, 2007

[Security] Yahoo! Messenger Security Update: Live Show-ers Beware

Users of the popular/ubiquitous/bane of corporate IT people Yahoo! Messenger are advised to update to the latest version ( of the said instant messaging application due to the existence of two ActiveX vulnerabilities.

The said vulnerabilities are ActiveX buffer overflows that can lead to remote code execution. These ActiveX controls are related to YM's Web cam capabilities (so you live show-ers are mostly affected).

Related to this topic, Trend Micro has detected a new malware that specifically exploits these YM vulnerabilities. Dubbed as JS_DLOADER.NSP, which exploits the YM vulnerabilities to download another malware.

By this time, YM should have prompted you to download the update, unless you're the type to ignore updates. I suggest you do so, now. Your live show will have to wait.

(Crossposted from here.)

No comments:

Post a Comment