| ||||||
 |
| | LinkBack | Thread Tools | Display Modes |
|
#1
09-20-2007, 09:42 PM
| ||||
| ||||
Yahoo Messenger hit with ninth zero-day exploit of the year server: winbeta.org - 20.09.2007 Attack code that targets Yahoo Messenger has been published on the Internet, a security researcher warned today, marking the ninth exploit aimed at the popular instant messaging software so far this year. In a posting to the milw0rm.com Web site, someone identified as "shinnai" disclosed malicious Visual Basic code that allegedly lets attackers feed any file to users of the latest version of Messenger. The exploit code successfully executes on a fully-patched PC running Windows XP SP2, shinnai said, although the effect depends on the security settings of Internet Explorer (IE). According to an e-mail alert from nCircle Network Security Inc., hackers armed with the exploit could force-feed malware such as a Trojan horse to vulnerable users. It was nCircle that pegged the latest zero-day threat against Messenger as No. 9 for the year. ------------- Just noted in other news releases this affects AOL Messenger also. The exploit on the AIM side isn't terribly severe, at least according to Secunia, whom is rating the AIM exploit as “Less Critical”. It can be exploited if you accept anonymous messages, so disable those if you are concerned about the issue. For Yahoo, it's a bit bigger of an issue. This is not good news for YIM, which is now dealing with the third severe hole found in the past three months. Example code is linked which can demonstrate the vulnerability, and it could easily lead to a machine being compromised
__________________ The only Stupid Question is the one you failed to Ask! Beta Tester since Pre Win 95. Last edited by Snuffy : 09-20-2007 at 09:57 PM.       |
Yahoo Messenger exploited | Sponsored Links |
|
#2
09-20-2007, 10:10 PM
| ||||
| ||||
| Ninth Zero Day? What that mean? |
|
#3
09-20-2007, 10:15 PM
| ||||
| ||||
Please read the above post slowly/carefully... it explains it (IMHO) rather clearly. Its dangerous.
__________________ The only Stupid Question is the one you failed to Ask! Beta Tester since Pre Win 95. |
|
#4
09-20-2007, 10:29 PM
| ||||
| ||||
| Ah 9th attack thanks lol see my thread if u can? |
|
#5
09-21-2007, 05:06 AM
| ||||
| ||||
| I've stayed away from instant messaging because there are always new security concerns coming up. That's really too bad, because it would be so cool to be able to IM and know that it was and would stay secure. Scary stuff all over the place these days. |
|
#6
09-21-2007, 09:08 PM
| ||||
| ||||
| Ill second that. |
Linear Mode
