Some weeks ago i found another hole in a Yahoo! ActiveX, i haven't told Yahoo! yet about this and i just noticed this:
Yahoo! silently (Yahoo! didn't post any kind of alert) fixed another hole in "YInstStarter Class" ActiveX (heap overflow in "AppId" initialization parameter), this ActiveX is installed in order to download Yahoo! Messanger. If you have downloaded Yahoo! Messenger before 09/09/03 then you are vulnerable and you should remove the ActiveX or go to Yahoo! Messenger download site and update the ActiveX. To remove the ActiveX: -Go to: %SystemRoot%\Downloaded Program Files\ -Right Click on: YInstStarter Class -Left Click: Remove I thought Yahoo! was serious about security!!! Doh!!! i have Yahoo! emails accounts:) To reproduce the overflow just copy and paste the following: <OBJECT ID='YInstStarter' CLASSID='CLSID:30528230-99F7-4BB4-88D8-FA1D4F56A2AB' ><PARAM NAME='AppId' Value='verylongstringhere'> <PARAM NAME="Test" Value="0"><!--not necessary, but what this does here!!! Test?--> </OBJECT> Cesar. __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html