More on the Yahoo! IM Webcam 0day Exploit

This forum is for related Instant Messaging threats for all IM clients

Moderators: Admin Team, Moderators

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

More on the Yahoo! IM Webcam 0day Exploit

Postby TeMerc » Wed Aug 15, 2007 10:20 am

Earlier today Karthik had blogged about details of a new zero day in Yahoo! Messenger being published on some security forums in China, we got a chance to dig a bit deeper into this and were able to reproduce the vulnerability on Yahoo! Messenger version 8.1.0.413 based on the information provided in the forum. It seems like a classic heap overflow which can be triggered when the victim accepts a webcam invite. Note that this vulnerability is different from the recently patched one in June which exploited the Yahoo! Webcam ActiveX controls.
nwz Avert Labs Blog
Image

Return to “IM Threat Center”

Who is online

Users browsing this forum: No registered users and 1 guest