Yahoo! Messenger YAUTO.DLL ActiveX Component Remote Overflow

2003-12-03T06:32:28
ID OSVDB:2894
Type osvdb
Reporter Tri Huynh(trihuynh@zeeup.com)
Modified 2003-12-03T06:32:28

Description

Vulnerability Description

A remote overflow exists in Yahoo! Messenger. The 'Open()' function in the 'YAUTO.DLL' ActiveX component fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted URL request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Yahoo! has released a patch to address this vulnerability.

Short Description

A remote overflow exists in Yahoo! Messenger. The 'Open()' function in the 'YAUTO.DLL' ActiveX component fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted URL request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://messenger.yahoo.com/ Vendor Specific Advisory URL Security Tracker: 1008362 Secunia Advisory ID:10342 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2003-q4/3206.html ISS X-Force ID: 13889 Bugtraq ID: 9145