1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Yahoo! Voice Chat ActiveX BO

HTTP Yahoo! Voice Chat ActiveX BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer overflow in a Yahoo ActiveX control which could result in remote code execution.

Additional Information

Yahoo! Messenger is a freely available chat client distributed and maintained by Yahoo! it is available for various operating systems.

The Audio Conferencing ActiveX control, which is contained in the 'yacscom.dll' library and shipped with Yahoo! Messenger, is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer.

The vulnerable ActiveX control is identified by the CLSID of: {85A4A99C-8C3D-499E-A386-E0743DFF8FB7}.

When large values are passed to the 'createAndJoinConference()' method through the 'socksHostname' or 'hostname' parameters, a stack-based buffer-overflow occurs.

Invoking the object from a malicious website or HTML email may trigger the condition. If the vulnerability were successfully exploited, this would corrupt process memory, resulting in arbitrary code execution. Arbitrary code would run in the context of the client application using the affected ActiveX control.

Yahoo! Messenger versions released prior to March 13, 2007 are vulnerable to this issue.

Affected

  • Yahoo! Messenger 8.0 2005.1.1.4, 8.0, 8.1

Response

The vendor has released software updates to address this issue. Yahoo! Messenger versions that were obtained after March 13, 2007 are not vulnerable to this issue.

When users of the affected software sign into the Yahoo! service, they should be automatically prompted to install the fixes. Please see the references for more information.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube