Yahoo! chat bug gives scope for mischief

Remote disconnect risk

Security researchers have discovered a denial of service vulnerability involving Yahoo!'s popular instant messaging client. Hackers can potentially disconnect users from chat sessions by sending malformed packets to Yahoo! Messenger servers. The flaw stems from a glitch in the routines used to process URL handler links, as explained in a SecuriTeam advisory (containing "proof of concept" demos).

The bug affects Yahoo! Messenger versions 5.0 and 6.0. Yahoo! is yet to issue a patch. But don't panic: although the flaw provides plenty of scope for mischief, it doesn't by itself offer a way to take over vulnerable systems. SecuriTeam's suggested workaround - which involves editing a Registry setting - ought to be treated with caution, since bungling this process can leave novices with an inoperable machine. Less experienced PC users might do better to wait for a patch from Yahoo! rather than fiddling around under the bonnet of their PCs. ®
