Yahoo Messenger Hole Found A vulnerability in Yahoo's IM program could allow an intruder's code to run on a PC. Jeremy Kirk, IDG News Service
gram can potentially cause unwanted code to run on a PC, according to security researchers. Details of the vulnerability were first posted on a Chinese-language security forum and was later confirmed with Yahoo security officials, wrote Wei Wang , a researcher with McAfee Inc. 's Avert lab in Beijing , on a company blog. So far, no exploit code has been published, wrote Karthik Raman , also of McAfee. The vulnerability affects Yahoo Messenger version 8.1.0.413. It is triggered when a user accepts an invitation to use their Web camera. The type of vulnerability is called a heap overflow, where a piece of code can be executed with improper permissions, which can allow for further malicious behavior such as downloading other code, said Greg Day , a security analyst for McAfee in the U.K. McAfee is advising that people reject Web camera invitations until Yahoo issues a patch. Users can also block outgoing traffic on TCP port 5100, which is affiliated with program's operation, Day said. Yahoo could not be immediately reached for comment. http://www.pcworld.com/article/id,135988-pg,1/article.html Vikas Kapoor, MSN Id:[EMAIL PROTECTED], Yahoo+Skype Id: dl_vikas, Mobile: (+91) 9891098137. To unsubscribe send a message to [EMAIL PROTECTED] with the subject unsubscribe. To change your subscription to digest mode or make any other changes, please visit the list home page at http://accessindia.org.in/mailman/listinfo/accessindia_accessindia.org.in
