1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Yahoo! Messenger CYFT Ctrl GetFile

HTTP Yahoo! Messenger CYFT Ctrl GetFile

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to download arbitrary files using Yahoo! Messenger's vulnerable CYFT ActiveX control.

Additional Information

Yahoo! Messenger CYFT ActiveX control is prone to an arbitrary-file-upload vulnerability because it fails to adequately sanitize user-supplied input.

This issue affects the 'GetFile()' method of the 'ft60.dll' CYFT Object. This control is identified by CLSID: 24F3EAD6-8B87-4C1A-97DA-71C126BDA08F.

Successfully exploiting this issue allows an attacker to upload malicious files to an arbitrary location on a victim's computer; the files will have the permissions of the application using the ActiveX control (typically Internet Explorer).

Yahoo! Messenger 8.1.0.421 is vulnerable; other versions may also be affected.

Affected

  • Yahoo! Messenger 8.1.421
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube