WatchGuard Wire
Improve Your Security IQ
Unexpected Webcam invitations mean trouble for Yahoo! Messenger users
If you use Yahoo! Messenger, you should avoid accepting random Webcam invites, no matter how pretty the girl says she is.
According to a Chinese security forum post (later verified by McAfee),
Yahoo! Messenger version 8.1.0.413 suffers from a zero-day heap buffer
overflow vulnerability that could allow remote attackers to gain control of
your PC. The flaw most likely affects earlier versions of Yahoo! Messenger
as well.
The buffer overflow flaw lies specifically within Messenger's webcam ActiveX
control (ywcvwr.dll). If an attacker can entice you into accepting a Webcam
invite, he can exploit this flaw to execute code on your computer, with your
privileges. If you're a local admin, like most Windows users, your PC gets pwnd.
Yahoo! Messenger suffered from a similar Webcam-related vulnerability
(subscription required) last June as well.
Since the Chinese researcher who found the flaw didn't report it to Yahoo,
Yahoo hasn't had time to release a patch yet. McAfee did report
the flaw to Yahoo after confirming it, so hopefully we'll get a patch soon.
Meanwhile, if you use Messenger, don't accept unexpected Webcam invites. McAfee's
blog post also suggests you should block outgoing traffic on TCP port 5100;
your WatchGuard Firebox will help. I'll release a more detailed advisory to
LiveSecurity and LiveSecurity Informer subscribers once we have more
details and Yahoo releases their patch.
--Corey Nachreiner, CISSP
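To confirm that the TCP port 5100 egress block suggested above is actually in effect, you can audit your firewall logs for internal hosts whose outbound connections to that port were still allowed. The script below is an added example, not part of the original article or any WatchGuard tooling; the log format, the internal network range and the sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

WEBCAM_PORT = 5100  # TCP port named in the article's mitigation
# Assumption: the protected LAN. Adjust to your own internal range.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")

# Constructed log format (an assumption, not a real Firebox log format):
# <timestamp> <ALLOW|DENY> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LINE_RE = re.compile(
    r"^\S+\s+(?P<action>ALLOW|DENY)\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample log lines (documentation address ranges, made-up times).
SAMPLE_LOG = """\
2010-01-01T09:14:02Z ALLOW tcp 192.168.1.23:49211 -> 203.0.113.10:5100
2010-01-01T09:14:05Z DENY tcp 192.168.1.40:50122 -> 203.0.113.10:5100
2010-01-01T09:15:11Z ALLOW tcp 192.168.1.23:49230 -> 198.51.100.7:443
2010-01-01T09:16:40Z ALLOW udp 192.168.1.51:5100 -> 198.51.100.9:53
2010-01-01T09:17:02Z ALLOW tcp 203.0.113.77:5100 -> 192.168.1.23:49300
malformed line that should be skipped
2010-01-01T09:18:30Z DENY tcp 192.168.1.40:50140 -> 203.0.113.12:5100
"""

def audit_webcam_egress(log_text, port=WEBCAM_PORT):
    """Count ALLOW/DENY per internal host for outbound TCP to `port`."""
    hits = defaultdict(lambda: {"ALLOW": 0, "DENY": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["proto"].lower() != "tcp" or int(m["dport"]) != port:
            continue  # unparsable, not TCP, or a different destination port
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # octets out of range
        # Outbound means: source inside the LAN, destination outside it.
        if src in INTERNAL_NET and dst not in INTERNAL_NET:
            hits[m["src"]][m["action"]] += 1
    return dict(hits)

def unblocked_hosts(log_text):
    """Internal hosts with at least one ALLOWED outbound TCP/5100 connection."""
    return sorted(h for h, c in audit_webcam_egress(log_text).items() if c["ALLOW"])

if __name__ == "__main__":
    for host in unblocked_hosts(SAMPLE_LOG):
        print(f"egress to TCP/{WEBCAM_PORT} still allowed for {host}")
```

Hosts that appear only with DENY counts are being stopped by the block; any host returned by `unblocked_hosts` shows the rule is missing or not matching that traffic.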
Copyright© 2010 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.