Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account

Remote denial of


  • Please log in to reply

#1
Guest_thatman_*

Guest_thatman_*
  • Guest
- Remote denial of service in Yahoo! Messenger -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, May 19, 2005 - A vulnerability has been reported in Yahoo! Messenger that could lead to a denial of service, with remote attackers being able to disconnect users from Chat sessions. The advisory is available at http://www.securitea...5HP0H20FPE.html.

The problem lies in the way that Yahoo! Messenger processes arguments in YMSGR: URL handler links. An attacker modifying the links with certain characters after the colon could create malformed packets to send to Yahoo! YMSG servers. When these packets are sent, Yahoo! will immediately disconnect users from the chat session.

The problem affects Yahoo! Messenger versions 5.0 and 6.0 and all details have been published along with proof of concepts with malicious urls that could disconnect a user.

The recommended workaround is to eliminate the registry key: "HKEY_CLASSES_ROOT\ymsgr\shell\open\command" la cadena "c:\progra~1\yahoo!\messenger\ypager.exe %1".

NOTE: The address above may not show up on your screen as a single line. This would prevent you from using the link to access the web page. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL.
  • 0

Advertisements


#2
Dragon

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
I feel this is important enough for all members of the Geekstogo to see. so I have moved it to the news and updates site.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP