Yahoo! IM! in! flaw! flap!

Its buffer floweth over

Tue 13 Jan 2004 // 16:50 UTC

Older versions of Yahoo! Messenger are subject to a security flaw that could allow crackers to run hostile code on vulnerable systems, according to security researchers.

The vulnerability stems from a buffer overflow bug in versions of Yahoo! Messenger earlier than 5.6.0.1351. The latest version (5.6.0.1358) of Yahoo! Messenger is immune to the problem but users of earlier versions reportedly cannot upgrade to the new version unless they reinstall the product.

Security researcher Tri Huynh of SentryUnion discovered the vulnerability. His advisory explains that flaw stems from a failure of earlier versions of Yahoo! Messenger in downloading files with excessively long file names.

This poor coding creates a means for malicious coders to crash machines running the application or run arbitrary code of vulnerable boxen, as explained here. ®

More about

TIP US OFF

Send us news

Topics

Special Features

Vendor Voice

Resources

Security

Yahoo! IM! in! flaw! flap!

Its buffer floweth over

More about

TIP US OFF

Other stories you might like

Google squashes AI teams together in push for fresh models

SpaceX, Northrop Grumman reportedly working on US spy sat program

Sacramento airport goes no-fly after AT&T internet cable snipped

Industrial systems integrating digitalisation

NASA solar sail to be Siriusly visible in orbit from Earth

Qt Ubuntu 24.04 betas show that there's room to innovate

AI energy draw from Chicago datacenters to rise ninefold

WhatsApp, Threads, more banished from Apple App Store in China

Unintended acceleration leads to recall of every Cybertruck produced so far

A quarter of 5-7 year olds now use smartphones, says regulator

Cybercriminals threaten to leak all 5 million records from stolen database of high-risk individuals

Germany cuffs alleged Russian spies over plot to bomb industrial and military targets

About Us

Our Websites

Your Privacy