on the local machine
Application affected: Yahoo! Messenger ver. 5.x - 6.0 (all builds) Windows, *Nix/Mac
? (not tested)
Proof-of-Concept included: Yes
Fix Available: Yes (temporary)
Description: By activating the ''Logfile'' feature in Yahoo! Messenger a person (perhaps unauthorized) is able to secretly log and view virtually all communications sent and received by Yahoo! Messenger from all IDs logged into Messenger on the local computer. Awareness of this logging is virtually none unless this feature is exclusively known about beforehand by the users and they know exactly where to look for the feature's presence (not likely). When using this feature you may be susceptible to privacy breaches and increased risk for potential remote DoS
attacks to be launched successfully.
Set ypager.log permissions to Read-only or check for the logging when Messenger is started up each time it's used from a shared computer using the URL handler to disable it when signing in. Deleting the file before Messenger is started won't help as the file is recreated (it's needed even if the Logfile feature is disabled) if it isn't found in the Messenger folder.
Complete details in http://www.securityfocus.com/archive/1/398456/2005-05-15/2005-05-21/0
Avast! antivirus May Fail to Detect Certain Viruses
Juha-Matti Laurio reported a vulnerability in avast! antivirus. Certain types of viruses may not be detected. The antivirus software may not properly detect certain virus types. The specific virus types were not identified. Windows NT 4.0 systems are affected.
The vendor disclosed this vulnerability. Juha-Matti Laurio advised us of this vulnerability.
Impact: A virus may bypass the anti-virus detection.
Solution: The vendor has issued a fixed version (4.6.652), available via the application's user interface or at: http://www.avast.com/eng/updates.html