A new vulnerability in Yahoo's instant messenger program can potentially cause unwanted code to run on a PC, according to security researchers.
Details of the vulnerability were first posted on a Chinese-language security forum and was later confirmed with Yahoo security officials, wrote Wei Wang, a researcher with McAfee's Avert lab in Beijing, on a company blog.
Read the latest WhitePaper - FTP Use on the Rise
So far, no exploit code has been published, wrote Karthik Raman, also of McAfee.
The vulnerability affects Yahoo Messenger Version 8.1.0.413. It is triggered when a user accepts an invitation to use their Web camera. The type of vulnerability is called a heap overflow, where a piece of code can be executed with improper permissions, which can allow for further malicious behavior such as downloading other code, said Greg Day, a security analyst for McAfee.
McAfee is advising that people reject Web camera invitations until Yahoo issues a patch. Users can also block outgoing traffic on TCP Port 5100, which is affiliated with program's operation, Day said.
Yahoo could not be immediately reached for comment.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment