Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Remote denial of

  • Please log in to reply


  • Guest
- Remote denial of service in Yahoo! Messenger -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, May 19, 2005 - A vulnerability has been reported in Yahoo! Messenger that could lead to a denial of service, with remote attackers being able to disconnect users from Chat sessions. The advisory is available at http://www.securitea...5HP0H20FPE.html.

The problem lies in the way that Yahoo! Messenger processes arguments in YMSGR: URL handler links. An attacker modifying the links with certain characters after the colon could create malformed packets to send to Yahoo! YMSG servers. When these packets are sent, Yahoo! will immediately disconnect users from the chat session.

The problem affects Yahoo! Messenger versions 5.0 and 6.0 and all details have been published along with proof of concepts with malicious urls that could disconnect a user.

The recommended workaround is to eliminate the registry key: "HKEY_CLASSES_ROOT\ymsgr\shell\open\command" la cadena "c:\progra~1\yahoo!\messenger\ypager.exe %1".

NOTE: The address above may not show up on your screen as a single line. This would prevent you from using the link to access the web page. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL.
  • 0




    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
I feel this is important enough for all members of the Geekstogo to see. so I have moved it to the news and updates site.
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP