The definitive guide to collaboration
Click here to watch the Computing TV video

knowledge centres

SEARCH Computing Jobs White papers Google

Register . About . Digital Edition . Advertise . PDA . RSS

Yahoo Messenger web chat flaw emerges

Chinese security boards reveal new vulnerability

Shaun Nichols in California, vnunet.com, 16 Aug 2007

Yahoo Messenger

Yahoo has yet to verify the flaw as a zero-day vulnerability

A new vulnerability in Yahoo Messenger has been uncovered in the web chat component of the instant messaging application.

A memory error known as a 'heap overflow' can be triggered when a user accepts a specially crafted web chat invitation from the attacker, according to security firm McAfee.

It is not yet known whether an attacker would then be able to remotely execute code or cause a denial of service.

"Once the condition is induced, it depends on what your exploit code can do, " Dave Marcus, senior security strategist at McAfee, told vnunet.com.

McAfee said that the vulnerability was first spotted on a Chinese-language security board. The company then tested and verified the code, and passed it on to Yahoo.

Yahoo has yet to verify the flaw as a zero-day vulnerability, but McAfee said that it is definitely not related to the ActiveX flaw reported in June.

Marcus noted that no exploit code has yet been written to take advantage of the vulnerability, and there are no reports of the vulnerability being targeted by active attacks.

McAfee recommends Yahoo Messenger users to avoid accepting web chat invitations from unknown sources, regardless of whether they have a webcam installed or not.

No other applications are believed to be affected by the vulnerability.

Further reading:

'Extremely critical' flaws hit Yahoo Messenger

Yahoo rushes out IM patch

Microsoft sets date for Xbox 360 Chatpad

Security exchange trades zero-day flaws

More stories on these topics:

Permalink Comments Forward

what do you think?

Post your comment

Send an email to the Computing editor at feedback@computing.co.uk

Reader comments for this story

Post your comment What is this?

Like this story? Spread the news by clicking a link:

del.icio.us

digg this

related content

latest news

A VirginTrain

Virgin Wi-Fi is hit by delays

Onboard web service due to arrive in 2007 is behind schedule 21 Aug 2008

NHS procedure

Conservatives seek "vision" for NHS IT policy

The British Computer Society will conduct an independent review of NHS IT policy 21 Aug 2008

crowd of people

Government urged to scrap paper census

Better public sector data sharing would provide all the necessary information, says think tank 21 Aug 2008

latest in depth

EU flags

Data retention plans draw further criticism

Privacy fears over directive that will allow organisations to view emails, texts and web use 21 Aug 2008

Men using mobile phones

IT staff survive credit crunch

Firms recognise need for IT – but staff must keep skills up to date 20 Aug 2008

Oyster card

Mixed reaction to decision by TfL to end Oyster contract

Transport for London cuts its ties with the TranSys consortium and begins plans for its replacement 21 Aug 2008

Advertising Marketplace

Search for solutions, reports & analysis

Sponsored links

Featured jobs

Senior Business Analyst

London, United Kingdom | Utilyx

Senior Business Analyst - London Highly professional individual capable of working at senior / board level with blue chip clients - shaping and driving the analysis and design of their energy management solutions Proven capability ... more >

Systems Support and Development Officers

Cherwell, Oxfordshire, United Kingdom | Cherwell District Council

Customer Service and Resources Systems Support and Development Officers £29,355 per annum Local Grade 15 Cherwell District Council uses a range of significant business systems to help deliver its services to internal and external ... more >

Netcool Designer / Engineer

Reading, Berkshire, United Kingdom | EDS

Job Title Netcool Designer / Engineer Location Reading Short Description: DII The DII project is contracted to supply both hardware and software infrastructure solutions to support the MoD transition to a common base solution, based ... more >

Business Intelligence Specialists

London, United Kingdom | MI5

Business Intelligence Specialists - Competitive Salary + Excellent Benefits - London Getting the best out of technology is critical to helping us protect the UK. Join MI5 and use your skills and experience to ... more >

More job opportunities

advertisement

advertisement

Most popular topics on Computing.co.uk

Communications . Ecommerce . Government . Green . Hardware . Innovation . Integration . Jobs . Outsourcing . Security . Skills . Software . Strategy

IThound

Computing newsletter

Computing Careers

Job of the week

advertisement

Related jobs

Search for a job

Try our Advanced search

white papers

Search for solutions, reports & analysis

advertisement

advertisement

advertisement