daem0n
14-08-2004, 16:02
Description:
Tri Huynh has reported a vulnerability in Yahoo! Messenger, allowing malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error when handling the filename parameter. An overly long, maliciously crafted filename causes a buffer overflow, which potentially allows execution of arbitrary code with the privileges of the current user.
The vulnerability has been reported in version 5.6.0.1351 and prior.
Solution:
The vendor has reportedly fixed the vulnerability silently in version 5.6.0.1358.
NOTE: It is necessary to manually delete any old version and install version 5.6.0.1358, because no update function is available.
Provided and/or discovered by:
Tri Huynh, SentryUnion.
Please note: The information, which this Secunia Advisory is based upon, comes from third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
TriHuynh dzữ dzằn thiệt ta ơi!
Tri Huynh has reported a vulnerability in Yahoo! Messenger, allowing malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error when handling the filename parameter. An overly long, maliciously crafted filename causes a buffer overflow, which potentially allows execution of arbitrary code with the privileges of the current user.
The vulnerability has been reported in version 5.6.0.1351 and prior.
Solution:
The vendor has reportedly fixed the vulnerability silently in version 5.6.0.1358.
NOTE: It is necessary to manually delete any old version and install version 5.6.0.1358, because no update function is available.
Provided and/or discovered by:
Tri Huynh, SentryUnion.
Please note: The information, which this Secunia Advisory is based upon, comes from third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
TriHuynh dzữ dzằn thiệt ta ơi!