World’s leading search engine provider, Yahoo! Inc. has released a new version of its Messenger, an instant messaging client to patch of zero-day vulnerabilities, which allow attackers grab control of a Windows PC with little or no help from the user.
eEye Digital Security Inc. has reported the bugs in Messenger’s Webcam ActiveX controls with in less than 24 hours after the vulnerabilities were reported to Yahoo!. Yahoo! has posted the new version of Messenger on its site and urged everyone to download and install it. Computers of messenger users’ could be at risk, if they visit malicious websites or view other malicious HTML code. Then, attackers can exploit security flaws in the Yahoo Webcam ActiveX control, a software package, which is downloaded with Messenger.
Since, Yahoo! has posted the patched edition, eEye has updated its advisory today with additional information on the vulnerabilities and how they could be exploited by attackers. Normally, said eEye, the two buggy ActiveX controls are used only when viewing or streaming webcam video content to and from Messenger.
According to Yahoo security advisory, attacks would most likely come via malicious Web sites. Some impacts of the vulnerabilities might include the introduction of executable code, being involuntarily logged out of a chat and/or instant messaging session, and the crash of an application such as Internet Explorer.
Image Credit: Back Office
Via: ZD Net
