Yahoo! Messenger Webcam Viewer ActiveX Control Buffer Overflow Vulnerability
BID:24355
Info
Yahoo! Messenger Webcam Viewer ActiveX Control Buffer Overflow Vulnerability
| Bugtraq ID: | 24355 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-3148 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 06 2007 12:00AM |
| Updated: | Nov 03 2007 12:06AM |
| Credit: | Danny <[email protected]> and eEye Digital Security independently discovered this vulnerability. |
| Vulnerable: |
Yahoo! Webcam ActiveX Control 2.0.1 .4 Yahoo! Messenger 8.0.1 Yahoo! Messenger 8.0 Yahoo! Messenger 8.0.0.863 Yahoo! Messenger 8.0 2005.1.1.4 |
| Not Vulnerable: |
Yahoo! Messenger 8.1 |
Discussion
Yahoo! Messenger Webcam Viewer ActiveX Control Buffer Overflow Vulnerability
Yahoo! Messenger Webcam Viewer ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of applications that use the affected control (typically Internet Explorer).
Yahoo! Messenger 8.0.1 is considered vulnerable; other versions may also be affected.
DeepSight has identified this issue as being actively exploited in the wild in at least one website. The 'n.88tw.net' website is known to be hosting an exploit for this issue.
Yahoo! Messenger Webcam Viewer ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of applications that use the affected control (typically Internet Explorer).
Yahoo! Messenger 8.0.1 is considered vulnerable; other versions may also be affected.
DeepSight has identified this issue as being actively exploited in the wild in at least one website. The 'n.88tw.net' website is known to be hosting an exploit for this issue.
Exploit / POC
Yahoo! Messenger Webcam Viewer ActiveX Control Buffer Overflow Vulnerability
To exploit this issue, an attacker must entice an unsuspecting user to access a malicious webpage.
This issue is currently being exploited in the wild.
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following exploits are available:
To exploit this issue, an attacker must entice an unsuspecting user to access a malicious webpage.
This issue is currently being exploited in the wild.
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following exploits are available:
Solution / Fix
Yahoo! Messenger Webcam Viewer ActiveX Control Buffer Overflow Vulnerability
Solution:
The vendor has released an update to address this issue. Contact the vendor for details on obtianing the appropriate updates.
Solution:
The vendor has released an update to address this issue. Contact the vendor for details on obtianing the appropriate updates.
References
Yahoo! Messenger Webcam Viewer ActiveX Control Buffer Overflow Vulnerability
References:
References:
- Microsoft Knowledge Base Article 240797 (Microsoft)
- Yahoo! Messenger Homepage (Yahoo!)
- Yahoo! Webcam ActiveX Controls (Yahoo!)
- Yahoo! Webcam ActiveX Controls Multiple Buffer Overflows (eEye Digital Security)
- Vulnerability Note VU#932217 - Yahoo! Webcam view utilities ActiveX control vuln (US-CERT)