SecurityHome.eu WSLabs, Malicious Web site / Malicious Code: Yahoo! Messenger Exploits In-The-Wild

Home / mailings PDF

WSLabs, Malicious Web site / Malicious Code: Yahoo! Messenger Exploits In-The-Wild
Posted on 11 June 2007
Websense Security Lab
Full proof-of-concept exploit code was published several days ago for two vulnerabilities in an ActiveX control included with Yahoo! Messenger. Multiple in-the-wild exploits were discovered yesterday, utilizing this vulnerability. Our scanners are now actively searching for additional live sites that are attempting to exploit this vulnerability.

Yahoo! has released a security update to address this vulnerability. Additional details can be found at the following URL:

http://messenger.yahoo.com/security_update.php?id=060707

Further details regarding the first in-the-wild site to the discovered were posted to the ISC Diary:

http://isc.sans.org/diary.html?storyid=2952

For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=780

TOP

Mailings :

Last 20

Exploits :

Last 20