Open Source and information security mailing list archives
Message-ID: <6.0.1.1.2.20031209184538.029e2ec0@127.0.0.1>
From: bugtraq-post at beej.org (Marc Bejarano)
Subject: Re: Yahoo Instant Messenger YAUTO.DLL buffer overflow

yahoo claims to have fixed this problem.  latest version is now 5.6.0.1356.

see http://messenger.yahoo.com/security/update4.html

afaik, the "Yahoo Messenger Flaw allows injection of JavaScript into IM 
Windows" problem reported to bugtraq by chet simpson on 12/5 remains unfixed.

marc

At 04:06 12/3/2003, Tri Huynh wrote:
 >Yahoo Instant Messenger YAUTO.DLL buffer overflow
 >=================================================
 >
 >PROGRAM: Yahoo Instant Messenger (YIM)
 >HOMEPAGE: http://messenger.yahoo.com
 >VULNERABLE VERSIONS: 5.6.0.1347 and below
 >
 >
 >DESCRIPTION
 >=================================================
 >
 >YIM is one of the most popular instant messengers. This is a cool product,
 >that allows me to chat with my gf from a very long distance :-).
 >
 >
 >DETAILS
 >=================================================
 >
 >YAUTO.DLL is an ActiveX/COM component that comes with Yahoo
 >Install Messenger. YAUTO.DLL is registered under a ProgID called
 >"YAuto.NSAuto.1". In this component, there is a function named
 >Open(String Url) that will cause a buffer overflow if argument Url is passed
 >with a long string. Since this is an ActiveX component, the vulnerability can
 >be exploited just by making a website with the correct CLSID of
 >the ActiveX and call the function directly. We have successfully exploited
 >the vulnerability by making a website that can download a trojan and
 >execute it silently.
 >
 >
 >
 >WORKAROUND
 >=================================================
 >
 >Yahoo has been contacted at enterprisesales@...oo-inc.com (this
 >is the only email that I can find on the Yahoo Messenger Site) but
 >hasn't responded after 1 month. The workaround solution is deleting
 >the YAUTO.DLL file in your YIM directory.
 >
 >
 >CREDITS
 >=================================================
 >
 >Discovered by Tri Huynh from SentryUnion
 >
 >
 >DISCLAIMER
 >=================================================
 >
 >The information within this paper may change without notice. Use of
 >this information constitutes acceptance for use in an AS IS condition.
 >There are NO warranties with regard to this information. In no event
 >shall the author be liable for any damages whatsoever arising out of
 >or in connection with the use or spread of this information. Any use
 >of this information is at the user's own risk.
 >
 >
 >FEEDBACK
 >=================================================
 >
 >Please send suggestions, updates, and comments to: trihuynh@...up.com
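
An added example, not part of either post: a PowerShell audit for the workaround in the quoted advisory, reporting whether the ProgID it names is still registered and whether the DLL behind it is still on disk. It assumes the standard COM registry layout; the function name Get-ComServerStatus is hypothetical.

```powershell
# Added example (not from the advisory). Get-ComServerStatus is a hypothetical
# helper name; the ProgID is the one given in the advisory text.
function Get-ComServerStatus {
    param([Parameter(Mandatory)][string]$ProgId)

    $root   = 'Registry::HKEY_CLASSES_ROOT'
    $status = [ordered]@{
        ProgId      = $ProgId
        Registered  = $false
        Clsid       = $null
        ServerPath  = $null
        FilePresent = $false
        FileVersion = $null
    }

    # ProgID -> CLSID mapping lives in the default value of <ProgID>\CLSID.
    $progKey = Get-Item -LiteralPath "$root\$ProgId\CLSID" -ErrorAction SilentlyContinue
    if (-not $progKey) { return [pscustomobject]$status }
    $status.Registered = $true
    $status.Clsid      = $progKey.GetValue('')

    # A 32-bit component on 64-bit Windows registers under WOW6432Node.
    foreach ($view in 'CLSID', 'WOW6432Node\CLSID') {
        $key = Get-Item -LiteralPath "$root\$view\$($status.Clsid)\InprocServer32" `
                        -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        $raw = $key.GetValue('')
        if (-not $raw) { continue }

        $path = $raw.Trim('"')
        $status.ServerPath = $path
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $status.FilePresent = $true
            $status.FileVersion = (Get-Item -LiteralPath $path).VersionInfo.FileVersion
        }
        break
    }
    return [pscustomobject]$status
}

$result = Get-ComServerStatus -ProgId 'YAuto.NSAuto.1'
$result | Format-List
if ($result.Registered -and $result.FilePresent) {
    Write-Warning 'Component is registered and its DLL is present: workaround not applied.'
}
```

A host where the DLL has been deleted but the registration remains shows Registered as True and FilePresent as False.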

