TITLE: Yahoo! Messenger Conference Invite Denial of Service SECUNIA ADVISORY ID: SA22510
VERIFY ADVISORY: http://secunia.com/advisories/22510/ CRITICAL: Not critical IMPACT: DoS WHERE: >From remote SOFTWARE: Yahoo! Messenger 8.x http://secunia.com/product/12122/ DESCRIPTION: A weakness in Yahoo! Messenger, which can be exploited by malicious people to cause a DoS (Denial of Service). The weakness is caused due to a NULL pointer dereference error when processing received conference invites. This can be exploited to crash arbitrary users' Yahoo! Messenger clients by sending a Conference Invite packet containing a specially crafted "room name" string. The vulnerability is confirmed in version 8.0.0.716. Other versions may also be affected. SOLUTION: Update to version 8.1.0.195 or later. ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
