Jump to content


Photo

Yahoo! Messenger multiple vulns - unpatched


  • Please log in to reply
3 replies to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,569 posts

Posted 07 June 2007 - 06:19 AM

FYI...

- http://secunia.com/advisories/25547/
Release Date: 2007-06-07
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Yahoo! Messenger 8.x
...Successful exploitation of the vulnerabilities allows execution of arbitrary code.
The vulnerabilities are confirmed in version 8.1.0.249. Other versions may also be affected.
Solution: Set the kill-bit for the affected ActiveX controls...
Original Advisory:
http://lists.grok.or...une/063817.html
http://lists.grok.or...une/063819.html ..."

(-Or- Do not use the app until a patch/fix is released, which should be coming in short order.)

.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#2 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,569 posts

Posted 08 June 2007 - 06:03 AM

FYI...

- http://secunia.com/advisories/25547/
Last Update: 2007-06-08...
Solution: Update to the latest version.
http://messenger.yahoo.com ...
Changelog: 2007-06-08: Updated "Solution" section. Added vendor link.
Original Advisory: Yahoo:
http://messenger.yah...e.php?id=060707 ..."

- http://www.f-secure....7.html#00001208
June 8, 2007 ~ "...Very accurate and script-kiddie-friendly exploits are publicly available for both vulnerablities. It is possible that crimeware distributors will start exploiting this for drive-by downloads. Therefore, please install the latest upgraded version of Yahoo Messenger (ver 8.1.0.401) as soon as possible..."

> http://www.us-cert.g...ploit_for_yahoo
updated June 8, 2007

.

Edited by apluswebmaster, 08 June 2007 - 09:06 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#3 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,569 posts

Posted 10 June 2007 - 04:45 AM

FYI...

Yahoo! Messenger exploits seen in the wild
- http://isc.sans.org/...ml?storyid=2952
Last Updated: 2007-06-10 01:42:13 UTC ~ "Just three days after the PoCs for 2 Yahoo! Messenger vulnerabilities have been posted ( http://isc.sans.org/...ml?storyid=2943 ), we’ve been informed by Roger C. from the Malware-Test Lab about a site hosting exploits for the mentioned vulnerabilities. The exploit is referenced the standard way – an iframe points to the web site hosting the exploit (n.88tw.net). The exploit has been pretty simply obfuscated. One thing that makes it easier to identify is the object creation – for some reason attackers left it outside of the obfuscated string so it is very easy to spot:

<object classid="clsid:DCE2F8B1-A520-11D4-8FD0-00D0B7730277" id='viewme'></object>

Practically the only difference from the published PoC is the objects name – in this case it is, as you can see above, “viewme”, while the object name in the originally published PoC was “target”. The rest is very much the same, apart from the attached shellcode. The shellcode in the sample we analyzed downloaded another dropper (of course), and this second component wasn’t detected by any AV vendor on the VirusTotal site when we tested it (!!). This dropper downloaded further components, of which one was called 5in1.exe – we haven’t analyzed this yet but judging just by the file name, it doesn’t sound good.
Mitigation
As you are probably aware, Yahoo! provided a fix practically only couple of hours after the PoCs have been posted online (kudos to Yahoo! for this). If you are using Yahoo! Messenger you should upgrade as soon as possible..."

Yahoo! Messenger 8.1.0.401 - (w/o the Yahoo toolbar)
- http://www.majorgeek...nger_d4235.html
(click on "Free Downloads From: "Author's Site")
Date: 2007-06-08 / ymsgr810_401_us.exe

> http://www.us-cert.g...ploit_for_yahoo
updated June 8, 2007

.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#4 hornet777

hornet777

    Forum Deity

  • Full Member
  • PipPipPipPipPip
  • 607 posts

Posted 10 June 2007 - 10:17 PM

who knows better the flaws of M$'s html engine? a yahoo cracker: Messy sits astride IE, which is why yahElite is safer and more stable (its freeware too)
After all is invested in correctness, then how does it stand with truth?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button