Alerts
Alerts
Zero-Day Tracker
Common Name:
Yahoo! Messenger Webcam Heap Overflow
Date Disclosed:
8/12/2007
Date Patched:
8/21/2007
Vendor:
Yahoo!, Inc
Application:
Yahoo! Messenger 8.1.0.413
Description:
A zero-day vulnerability has been publicly documented. This vulnerability lies in the Yahoo! Messenger Webcam component. If an attacker is able to convince a victim to accept an incoming Webcam request, the attacker is then able to run code upon that remote victims host. However, do to the nature of this vulnerability, an attacker is only able to leverage it against victims that accept the webcam request.
Severity:
High
Code Execution:
Yes
Impact:
Arbitrary code execution under the context of the logged in user
Although this vulnerability has a high impact, because of the level of interaction needed by a victim to accept a webcam invite, the impact will be somewhat limited. A more critical scenario is generated when clients are running with administrator-level privileges on their local hosts, which would run the malicious payload with Administrator credentials.
Mitigation:
Now that a patch is released, the best form of mitigation is to install the patch from Yahoo!.
Prior to the patch, network administrators could block this attack by disabling the network interface necessary by the webcam protocol by blocking TCP/5100 at the gateway.
Protection:
Patch:
Yahoo! Advisory: Yahoo! Webcam
Links:
Original Vulnerability Disclosure
Status:
8/12/2007: Vulnerability / Reproduction Details Released
8/21/2007 Vendor-Supplied Patch Available
Common Name:
Yahoo! Messenger Webcam Heap Overflow
Date Disclosed:
8/12/2007
Date Patched:
8/21/2007
Vendor:
Yahoo!, Inc
Application:
Yahoo! Messenger 8.1.0.413
Description:
A zero-day vulnerability has been publicly documented. This vulnerability lies in the Yahoo! Messenger Webcam component. If an attacker is able to convince a victim to accept an incoming Webcam request, the attacker is then able to run code upon that remote victims host. However, do to the nature of this vulnerability, an attacker is only able to leverage it against victims that accept the webcam request.
Severity:
High
Code Execution:
Yes
Impact:
Arbitrary code execution under the context of the logged in user
Although this vulnerability has a high impact, because of the level of interaction needed by a victim to accept a webcam invite, the impact will be somewhat limited. A more critical scenario is generated when clients are running with administrator-level privileges on their local hosts, which would run the malicious payload with Administrator credentials.
Mitigation:
Now that a patch is released, the best form of mitigation is to install the patch from Yahoo!.
Prior to the patch, network administrators could block this attack by disabling the network interface necessary by the webcam protocol by blocking TCP/5100 at the gateway.
Protection:
- eEye's Blink® Personal Edition protects from this vulnerability.
- eEye's Blink® Professional Edition protects from this vulnerability.
- eEye's Retina® Network Security Scanner scans devices to detect for this vulnerability.
Patch:
Yahoo! Advisory: Yahoo! Webcam
Links:
Original Vulnerability Disclosure
Status:
8/12/2007: Vulnerability / Reproduction Details Released
8/21/2007 Vendor-Supplied Patch Available
