Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Critical Bugs Discovered In Yahoo Messenger

Yahoo is working on a patch for critical Yahoo Messenger vulnerabilities that could enable a remote hacker to take control of a user's system.

Researchers at eEye Digital Security found the bugs within the last few weeks and reported them to Yahoo on Wednesday, according to Marc Maiffret, co-founder and CTO of the security company. eEye's researchers say there actually are multiple flaws in version 8 of Yahoo's instant messenger client software.

The company gave the bugs its highest security threat rating. "If you're running this, your system could be compromised," said Maiffret. "It allows for remote [code] execution."

"We recently learned of a buffer overflow security issue in an ActiveX control," a Yahoo spokeswoman said in an e-mail to InformationWeek. "This control is part of the code for Web cam image upload and viewing. Upon learning of this issue, we began working towards a resolution and expect to have a fix shortly."

Maiffret was careful not to give out too much information about the flaw until Yahoo can issue a patch for it. However, he would say that for the vulnerability to cause a problem, the user would have take some kind of action.

  • 1