<<< Date Index >>>     <<< Thread Index >>>

Re: Yahoo Instant Messenger YAUTO.DLL buffer overflow



yahoo claims to have fixed this problem.  latest version is now 5.6.0.1356.

see http://messenger.yahoo.com/security/update4.html

afaik, the "Yahoo Messenger Flaw allows injection of JavaScript into IM Windows" problem reported to bugtraq by chet simpson on 12/5 remains unfixed.

marc

At 04:06 12/3/2003, Tri Huynh wrote:
>Yahoo Instant Messenger YAUTO.DLL buffer overflow
>=================================================
>
>PROGRAM: Yahoo Instant Messenger (YIM)
>HOMEPAGE: http://messenger.yahoo.com
>VULNERABLE VERSIONS: 5.6.0.1347 and below
>
>
>DESCRIPTION
>=================================================
>
>YIM is one of the most popular instant messenger. This is a cool product,
>that allows me to chat with my gf from a very long distant :-).
>
>
>DETAILS
>=================================================
>
>YAUTO.DLL is an ActiveX/COM component that comes with Yahoo
>Install Messenger. YAUTO.DLL is registered under a ProgID called
>"YAuto.NSAuto.1". In this component, there is a function named
>Open(String Url) that will cause a buffer overflow if argument Url is passed
>with
>a long string. Since this is an ActiveX component, the vulnerability can
>be exploited just by making a website with the correct CLSID of
>the ActiveX and call the function directly. We have successfully exploited
>the vulnerability by making a website that can download a trojan and
>execute it silently.
>
>
>
>WORKAROUND
>=================================================
>
>Yahoo has been contacted at enterprisesales@xxxxxxxxxxxxx (this
>is the only email that I can find on the Yahoo Messenger Site) but
>doesn't response after 1 month. The workaround solution is deleting
>the YAUTO.DLL file in your YIM directory.
>
>
>CREDITS
>=================================================
>
>Discovered by Tri Huynh from SentryUnion
>
>
>DISLAIMER
>=================================================
>
>The information within this paper may change without notice. Use of
>this information constitutes acceptance for use in an AS IS condition.
>There are NO warranties with regard to this information. In no event
>shall the author be liable for any damages whatsoever arising out of
>or in connection with the use or spread of this information. Any use
>of this information is at the user's own risk.
>
>
>FEEDBACK
>=================================================
>
>Please send suggestions, updates, and comments to: trihuynh@xxxxxxxxx