Critical Update for Yahoo! Messenger

Yahoo! Messenger users who inadvertently view malicious HTML code on an attacker's website. If your computer has installed Yahoo! Messenger before June 8, 2007, you should install the update. Those using Yahoo! Messenger knows that some user's just popup & put a Message asking to see their photos in the web link provided. Beware, its the strategy to put your system into securityJustify Full issues, commonly referred to as a buffer overflow, in an ActiveX control. This control is part of the software package downloaded with Yahoo! Messenger.

Some impacts of a buffer overflow might include the introduction of executable code, being involuntarily logged out of a Chat and/or Instant Messaging session, and the crash of an application such as Internet Explorer. For this specific security issue, these impacts could only be possible if an attacker is successful in prompting someone to view malicious HTML code, most likely executed by getting a person to visit their web page.




It's advisable to update your Yahoo! Messenger to avoid any untoward incident to your computer. If you are technical user, to fix this issue, the CLSID and exact version of the control that contains the fix are
There are two CLSID being affected. The first CLSID is DCE2F8B1-A520-11D4-8FD0-00D0B7730277 and the version is 2.0.1.4. The second CLSID is 9D39223E-AE8E-11D4-8FD3-00D0B7730277 and the version is 2.0.1.4.

All New Yahoo! Messenger obtained before June 8, 2007 on a Windows PC are recommended to be updated.

No comments: