Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Yahoo! Messenger YAUTO.DLL ActiveX Buffer Overflow Lets Remote Users Execute Arbitrary Code

Dec 2, 2003 11:35PM PST

Impact: Execution of arbitrary code via network, User access via network

Advisory: Sentry Union

Version(s): 5.6.0.1347 and prior versions

Description: Tri Huynh from SentryUnion reported a buffer overflow in Yahoo! Messenger in the 'YAUTO.DLL' ActiveX component. A remote user can execute arbitrary code on the target system.

It is reported that a remote user can create HTML that, when loaded by the target user, will cause an arbitrary executable to be downloaded to the target user's computer and silently executed.

The report indicates that YAUTO.DLL is registered under a ProgID called "YAuto.NSAuto.1" and contains a buffer overflow in the Open() function. A remote user can pass a specially crafted URL to trigger the overflow and execute arbitrary code.

Impact: A remote user can execute arbitrary code on the target system with the privileges of the target user.

Solution: No solution was available at the time of this entry.

The author of the report indicates that, as a workaround, you can delete the YAUTO.DLL file in your Yahoo! Messenger directory.

Vendor URL: messenger.yahoo.com/ (Links to External Site)

Cause: Boundary error

Underlying OS: Windows (Any)

Reported By: Tri Huynh

http://www.securitytracker.com/alerts/2003/Dec/1008362.html

Discussion is locked