Recommendation

Yahoo! Messenger ActiveX Control Buffer Overflows

By brokencode ⋅ September 2, 2007 ⋅  Email This Post ⋅  Print This Post ⋅ Post a comment

I have typed so many words before these below due to this issued, in the middle I tested the script and I got hedged ! So, if you want to approve it, tested here : http://www.brokencode.biz/ym.html <<< JANGAN DIKLIK ! I have warned you !

Yahoo! recently identified a security issue, commonly referred to as a buffer overflow in an ActiveX control. This control is part of the Yahoo! services suite typically downloaded with the installer for Yahoo! Messenger. Yahoo! has relationships with third-party security organizations and researchers. iDefense Labs informed Yahoo! of this particular security issue. Some impacts of a buffer overflow might include involuntary log out of a Yahoo! Chat and/or Yahoo! Messenger session, the crash of an application such as Internet Explorer, and in some instances, the introduction of executable code. In this case, these problems could only happen if an attacker successfully lured the Yahoo! Messenger user to view malicious HTML code, most likely by getting a person to visit the attacker’s web page. To our knowledge, there have been no known malicious executable code exploits related to this issue. If your computer has installed Yahoo! Messenger before August 29, 2007, you should install the update.

The CLSID is 64AA7031-C150-4118-8D31-FD273A2BB22C and the version 2007.8.27.1 or above. MITRE has assigned CVE-2007-4515 to track this issue.

That functions within this class can only be called if the control believes it is being run from the yahoo.com domain. -> I used “Simple DNS Plus” for manipulating the DNS resolution.

Functions : fvcom or info;
RegKey Safe for Script: True
RegKey Safe for Init: True
-> that functions are safely scriptable and exploitable by HeapSpray Technique.
coder : minhbq

Tags: experiment, General Info, Hacking, Recommendation, sharing internet