 |
|
|
Beware with whom are you sharing the webcam on the Yahoo
Messenger IM client. It might a friend, but it can be an intruder who wants to control
your PC, by taking advantage of the latest vulnerability reported in Yahoo Messenger
by McAfee.
The zero-day bug in Yahoo Messenger was reported for the
first time by one of the McAfee’s Chinese security researchers.
The vulnerability was confirmed by McAfee on their AvertLabs
blog. "It seems like a classic heap overflow which can be triggered when
the victim accepts a webcam invite," Wei Wang, a security researcher at
McAfee. "Note that this vulnerability is different from the recently
patched one in June which exploited the Yahoo webcam ActiveX controls."
Wang is speaking about a vulnerability reported by the security
firm eEye Digital Security, which was quickly fixed by Yahoo in the Version
8.1.0.401.
McAfee notified Yahoo about their finding, but until the
company will issue a patch the users are being urged to protect themselves by not
accepting webcam invites from untrusted sources.
Also, "it's advisable to block outgoing traffic on TCP
port 5100 until the vendor patches this vulnerability," Wang added.
"To mitigate this, we're releasing our NIPS IntruShield signatures today
to protect Yahoo Messenger users from this threat. We shall keep on monitoring
this threat and update if we come across anything."
© 2007 - 2008 - eFluxMedia
