Advertisement
Promo

Security threats Toolkit

Yahoo patches Messenger, Chat flaws

Evan Hansen CNET News

Published: 02 Jun 2003 07:49 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Yahoo on Friday issued security patches for its Yahoo Instant Messenger and Yahoo Chat clients in an effort to fix a buffer overflow vulnerability discovered in the software.

When users of the software log on to the IM network or enter a chat room, Yahoo is prompting them to install the patches. In addition, the company posted the patches on its Web site.

A buffer overflow is a common security vulnerability in computer programs written in C and C++ that allows more information to be added to a chunk of memory than it was designed to hold.

Buffer overflow attacks in Yahoo IM and Yahoo Chat could lead to a number of problems, according to a Yahoo representative. For example, people could be involuntarily logged out of an application. More seriously, it could allow the introduction of executable code, allowing a malicious programmer to take control of a user's machine, delete files and otherwise wreak havoc with a victim's computer system.

Such an attack could only happen if a victim were persuaded to view malicious HTML code, for example, by clicking on a link sent through IM that leads back to a Web page hosting the code. Yahoo said it was not aware of any IM or chat users compromised in this way.

A company representative said Yahoo was informed of the vulnerability by a member of the security community. Yahoo on Friday forwarded details of the vulnerabilities and their fixes to the Bugtraq security mailing list and Carnegie Mellon's CERT (Computer Emergency Response Team) security coordination centre.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Let the editors know what you think in the Mailroom.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
81 out of 149 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

4 comments

  1. I want to talk Anonymous
  2. I cannot see profiles when I chat in the new versi... Anonymous
  3. I can't log into yahoo chat, and when i do i go in... Russell Dempsey
  4. my yahoo profiles (yellow face) do not light... darren thompson

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:






Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters