Yahoo! Audio Conferencing ActiveX Control Overflow

2003-05-30T17:39:03
ID OSVDB:4651
Type osvdb
Reporter Caesar(cesarc56@yahoo.com)
Modified 2003-05-30T17:39:03

Description

Vulnerability Description

Yahoo! Audio Conferencing contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to an unchecked buffer in the Audio Conferencing ActiveX Control. If an attacker sends a specially crafted request, they may be able to overflow the buffer and execute arbitrary code.

Technical Description

Yahoo! Audio Conferencing ActiveX Control is used in Yahoo! Messenger and Yahoo! Chat.

Solution Description

Upgrade to version 1,0,0,45 or higher (pushed automatically upon connection), as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround:

The control can be disabled by removing the object from the Internet Explorer "Downloaded Program Files" cache and, if Yahoo! Messenger is installed, going into the Yahoo! Messenger directory (by default, C:\Program Files\Yahoo!\Messenger) and running the following command:

regsvr32 /u yacscom.dll
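The upgrade check and the workaround above can be combined into one script. This is an added example, not part of the original advisory or any vendor tooling; the function name Get-YacscomStatus is hypothetical, and the default path assumes yacscom.dll sits in the default Yahoo! Messenger directory named above.

```powershell
# Added example: report whether yacscom.dll is older than the fixed build and,
# on request, apply the advisory's regsvr32 /u workaround.
# Assumptions: the function name is hypothetical; the default path is the
# default Messenger directory from the advisory. Pass -Path if installed elsewhere.
function Get-YacscomStatus {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$Path = 'C:\Program Files\Yahoo!\Messenger\yacscom.dll',
        [switch]$Unregister
    )

    # First build reported as fixed in the advisory: 1,0,0,45
    $fixed = New-Object -TypeName System.Version -ArgumentList 1, 0, 0, 45
    $result = [pscustomobject]@{
        Path = $Path; Present = $false; Version = $null
        Vulnerable = $false; Unregistered = $false
    }

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return $result    # control not installed at this path
    }
    $result.Present = $true

    # The version resource is comma-separated ("1,0,0,45"), which [version]
    # cannot parse as a string, so build it from the numeric parts instead.
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    $result.Version = New-Object -TypeName System.Version -ArgumentList `
        $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
    $result.Vulnerable = $result.Version -lt $fixed

    if ($result.Vulnerable -and $Unregister -and
        $PSCmdlet.ShouldProcess($Path, 'regsvr32 /u')) {
        # Requires an elevated shell; /s suppresses the confirmation dialog.
        $proc = Start-Process -FilePath 'regsvr32.exe' `
            -ArgumentList '/u', '/s', "`"$Path`"" -Wait -PassThru
        $result.Unregistered = ($proc.ExitCode -eq 0)
    }
    return $result
}

# Report only; add -Unregister (optionally with -WhatIf) to apply the workaround.
Get-YacscomStatus
```

The script does not touch the copy in the Internet Explorer "Downloaded Program Files" cache, which still has to be removed as described above.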


References:

Vendor Specific Advisory URL
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-05/0353.html
Keyword: chat
Keyword: instant messenger
Keyword: Yahoo
Keyword: activex
Keyword: audio
Keyword: 2B323CD9-50E3-11D3-9466-00A0C9700498
ISS X-Force ID: 12130
CVE-2003-1129
Bugtraq ID: 7561