Thursday, August 30, 2007

Another Yahoo Security Fix

Within a week of its previous security update, Yahoo has released another security fix. This update patches a stack overflow in one of the ActiveX controls related to Yahoo Messenger. According to analysis by iDefense:


It is important to note that functions within this class can only be called if the control believes it is being run from the yahoo.com domain. In order for this exploit to be triggered an attacker would either have to leverage a Cross-Site Scripting vulnerability in the yahoo.com domain, or be able to control the targeted user's DNS resolution.


Yahoo's advisory for this vulnerability can be found at http://messenger.yahoo.com/security_update.php?id=082907

A patched version of Yahoo Messenger is available at http://messenger.yahoo.com/download.php.
