Full Disclosure mailing list archives
Another Yahoo! ActiveX hole
From: Cesar <cesarc56 () yahoo com>
Date: Tue, 16 Sep 2003 19:21:26 -0700 (PDT)
Some weeks ago i found another hole in a Yahoo! ActiveX, i haven't told Yahoo! yet about this and i just noticed this: Yahoo! silently (Yahoo! didn't post any kind of alert) fixed another hole in "YInstStarter Class" ActiveX (heap overflow in "AppId" initialization parameter), this ActiveX is installed in order to download Yahoo! Messanger. If you have downloaded Yahoo! Messenger before 09/09/03 then you are vulnerable and you should remove the ActiveX or go to Yahoo! Messenger download site and update the ActiveX. To remove the ActiveX: -Go to: %SystemRoot%\Downloaded Program Files\ -Right Click on: YInstStarter Class -Left Click: Remove I thought Yahoo! was serious about security!!! Doh!!! i have Yahoo! emails accounts:) To reproduce the overflow just copy and paste the following: <OBJECT ID='YInstStarter' CLASSID='CLSID:30528230-99F7-4BB4-88D8-FA1D4F56A2AB'
<PARAM NAME='AppId' Value='verylongstringhere'>
<PARAM NAME="Test" Value="0"><!--not necessary, but what this does here!!! Test?--> </OBJECT> Cesar. __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Another Yahoo! ActiveX hole Cesar (Sep 16)