Bugtraq: Re: Yahoo Instant Messenger YAUTO.DLL buffer overflow

From: Marc Bejarano <bugtraq-post_at_beej.org>
Date: Tue, 09 Dec 2003 18:48:56 -0400

yahoo claims to have fixed this problem. latest version is now 5.6.0.1356.

see http://messenger.yahoo.com/security/update4.html

afaik, the "Yahoo Messenger Flaw allows injection of JavaScript into IM
Windows" problem reported to bugtraq by chet simpson on 12/5 remains unfixed.

marc

At 04:06 12/3/2003, Tri Huynh wrote:
>Yahoo Instant Messenger YAUTO.DLL buffer overflow
>=================================================
>
>PROGRAM: Yahoo Instant Messenger (YIM)
>HOMEPAGE: http://messenger.yahoo.com
>VULNERABLE VERSIONS: 5.6.0.1347 and below
>
>
>DESCRIPTION
>=================================================
>
>YIM is one of the most popular instant messengers. This is a cool product,
>that allows me to chat with my gf from a very long distance :-).
>
>
>DETAILS
>=================================================
>
>YAUTO.DLL is an ActiveX/COM component that comes with Yahoo
>Instant Messenger. YAUTO.DLL is registered under a ProgID called
>"YAuto.NSAuto.1". In this component, there is a function named
>Open(String Url) that will cause a buffer overflow if argument Url is passed
>with a long string. Since this is an ActiveX component, the vulnerability can
>be exploited just by making a website with the correct CLSID of
>the ActiveX and calling the function directly. We have successfully exploited
>the vulnerability by making a website that can download a trojan and
>execute it silently.
>
>
>
>WORKAROUND
>=================================================
>
>Yahoo has been contacted at enterprisesales_at_yahoo-inc.com (this
>is the only email that I can find on the Yahoo Messenger Site) but
>has not responded after 1 month. The workaround solution is deleting
>the YAUTO.DLL file in your YIM directory.
>
>
>CREDITS
>=================================================
>
>Discovered by Tri Huynh from SentryUnion
>
>
>DISCLAIMER
>=================================================
>
>The information within this paper may change without notice. Use of
>this information constitutes acceptance for use in an AS IS condition.
>There are NO warranties with regard to this information. In no event
>shall the author be liable for any damages whatsoever arising out of
>or in connection with the use or spread of this information. Any use
>of this information is at the user's own risk.
>
>
>FEEDBACK
>=================================================
>
>Please send suggestions, updates, and comments to: trihuynh_at_zeeup.com
Received on Dec 10 2003
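
A read-only check for the exposure described in the quoted advisory, as an added example that is not part of either message: it resolves the ProgID "YAuto.NSAuto.1" to its CLSID, reports the DLL registered for it and whether that file is still on disk, and reports whether Internet Explorer's kill bit is set for the CLSID. The function name is hypothetical, and the kill-bit check is standard Internet Explorer behaviour that the thread does not mention.

```powershell
# Added example (not from the thread). Read-only audit of one ActiveX control.
function Get-ActiveXAudit {
    param([Parameter(Mandatory)][string]$ProgId)

    # A ProgID maps to its CLSID under HKEY_CLASSES_ROOT\<ProgID>\CLSID.
    $clsidKey = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
    if (-not (Test-Path -LiteralPath $clsidKey)) {
        return [pscustomobject]@{ ProgId = $ProgId; Registered = $false }
    }
    $clsid = (Get-Item -LiteralPath $clsidKey).GetValue('')

    # Native registry view first, then the 32-bit view used on 64-bit Windows.
    foreach ($view in '', 'WOW6432Node\') {
        $srvKey = "Registry::HKEY_CLASSES_ROOT\${view}CLSID\$clsid\InprocServer32"
        if (-not (Test-Path -LiteralPath $srvKey)) { continue }

        # The default value of InprocServer32 is the DLL a host process loads.
        $dll = ([string](Get-Item -LiteralPath $srvKey).GetValue('')).Trim('"')
        $onDisk = $dll -and (Test-Path -LiteralPath $dll -PathType Leaf)
        $ver = if ($onDisk) { (Get-Item -LiteralPath $dll).VersionInfo.FileVersion } else { $null }

        # Kill bit: bit 0x400 of "Compatibility Flags" stops IE from creating the control.
        $compat = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\${view}Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
        $flags = 0
        if (Test-Path -LiteralPath $compat) {
            $raw = (Get-Item -LiteralPath $compat).GetValue('Compatibility Flags')
            if ($null -ne $raw) { $flags = [int]$raw }
        }

        [pscustomobject]@{
            ProgId      = $ProgId
            Registered  = $true
            Clsid       = $clsid
            View        = if ($view) { '32-bit (WOW64)' } else { 'native' }
            Dll         = $dll
            DllOnDisk   = $onDisk
            FileVersion = $ver
            KillBitSet  = [bool]($flags -band 0x400)
        }
    }
}

# The ProgID is the one named in the advisory; the CLSID is looked up, not assumed.
Get-ActiveXAudit -ProgId 'YAuto.NSAuto.1' | Format-List
```

A result with Registered or DllOnDisk false matches the advisory's workaround of deleting the file. FileVersion is the DLL's own version and is not necessarily the Messenger version number quoted in the thread.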
