Posted on 5/28/2002


The latest version of the popular Yahoo Instant Messenger (YIM) software has been hit by multiple vulnerabilities which may allow an attacker to hijack another user's machine.
Because of the popularity of the software, the vulnerabilities may put as many as 60 million users at risk.

According to security researcher Phuong Nguyen, of security firm Vice Consulting, the flaws allow unauthorised execution of programs on an instant messenger user's machine via buffer overflows or injections of Java or Visual Basic script in the instant messenger content tabs.

"The net impact is to allow a relatively simple opportunity to hijack users' YIM client outright, and use it to attack or intrude into YIM users' supposedly private information systems," said Nguyen.

Nguyen explained that potential attackers could use the exploits to request a YIM user's ID and password and send it to an email address or internet URL, with minimum user intervention required.

Full Article:
http://www.vnunet.com/News/1132167