Arbitrary remote code execution vulnerabilities affecting the ActiveX control associated with Yahoo! Messenger's support for webcams (ywcvwr.dll). Multiple derivatives of the vulnerabilities have been disclosed, complete with exploit code. Specifically, the vulnerabilities appear to be buffer overflows and can be triggered by the victim visiting a malicious web page. The ywcupl.dll is also vulnerable to remote code execution attacks.

Description:

Multiple vulnerabilities have been discovered and disclosed affecting the Yahoo! IM software for Windows. Specifically, the vulnerabilities affect the support for webcams from within Yahoo! Messenger. Using the exploits that have already been circulated, it is possible for an attacker to run software of their choice on a victim's system.

Mitigation:

Update to the latest Yahoo! Messenger version. Advanced users and administrators may consider setting the killbit for the vulnerable ActiveX controls (clsid:DCE2F8B1-A520-11D4-8FD0-00D0B7730277), and (clsid:9D39223E-AE8E-11D4-8FD3-00D0B7730277)

Updates:

http://messenger.yahoo.com

Source:

Danny (server.exception < at > yahoo.com)

Exploits:

http://milw0rm.com/exploits/4042 http://milw0rm.com/exploits/4043

Not Yet Identified