Yahoo Messenger is the most popular and widely used instant messaging client in the world with a very large userbase. But, recently security firm Secunia has discovered a flaw in the Yahoo’s IM client. According to Secunia this flaw is highgly critical. A person with malicious intent can easily gain a control over the compromised system & can control it remotely.

According to Secunia ” The vulnerability is caused due to a boundary error within the AudioConf ActiveX control (yacscom.dll) component of Yahoo! Messenger. This can be exploited to cause a stack-based buffer overflow by setting the “socksHostname” and “hostName” properties to an overly large string and then calling the “createAndJoinConference()” method.”

The versions of Yahoo Messenger that can be infected are 5.x, 6.x, 7.x and 8.x. This flaw can be exploited when a user visits a website containing the infected script. The only solution of this problem is to update to the latest version of Yahoo Messenger.

This entry was posted on Wednesday, April 4th, 2007 at 4:46 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.