Nov 25, 2009

Critical Bug In Yahoo! Messenger Webcam Activex

 		free web hosting
Open Discussion & Free Web Hosting > Computers & Tech > Security issues & Exploits

Critical Bug In Yahoo! Messenger Webcam Activex

tansqrx
Jun 7 2007, 11:12 PM
This bug first came to light on Information Week’s website yesterday, June 6, 2007 (http://www.informationweek.com/news/showArticle.jhtml?articleID=199901856). The original research group is the well known eEye (http://research.eeye.com/html/advisories/upcoming/20070605.html), which said the vulnerability was serious and could lead to remote code execution. Since the original report it has also been posted by Computer World (http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9023945&intsrc=news_ts_head) that a separate research named “Danny” has released the exploit into the wild. In a follow-up today he also posted a second exploit. All of the discussions can be found at http://lists.grok.org.uk/pipermail/full-di...sure/2007-June/.

Comment/Reply (w/o sign-up)

tansqrx
Jun 9 2007, 04:55 AM
It looks like the fun may be over. Yahoo! has announced the release of a patch to correct the buffer overflow in the webcam ActiveX control. The official Yahoo! annoucment of the patch is located at http://messenger.yahoo.com/security_update.php?id=060707. This is a very quick turn around for Yahoo! as the exploit was only public for three days before a patch was issued. More detail can be found at http://lists.grok.org.uk/pipermail/full-di...une/063875.html. The patch does require you to completely reinstall Messenger and has not been automatically pushed out as of late Friday on June 8, 2007. Since the patch is not automatic the fun may continue for at least a few more days.

Comment/Reply (w/o sign-up)

tansqrx
Jun 10 2007, 04:56 AM
As a public service I decided to create a page that checks for this vulnerability. The start page can be found at http://Ycoderscookbook.com/WebcamExploitWarning.htm.

On June 6, 2007 eEye (http://research.eeye.com/html/advisories/upcoming/20070605.html) security published a report stating the Yahoo! Messenger was susceptible to a buffer overflow. The next day a Yahoo! spokesperson let it slip that the problem was in the webcam ActiveX control that allows a user to display his webcam on a webpage. Shortly after that exploit code was published on the Full Disclosure mailing list (http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/). There are actually two different components that can be exploited, ywcupl.dll (Webcam Upload) and Ywcvwr.dll (Webcam Download).

What to expect
Here you can test to see if you are vulnerable to this particular exploit. Be warned that this may cause the following:
• Crash of web browser
• System becomes unstable
• Antivirus screaming bloody murder
If you are vulnerable then your web browser should crash. I have found that it is more likely to happen in IE than Firefox.

Ywcvwr.dll Runs Calc.exe
This was the first proof of concept. It uses a fairly standard payload that starts the Windows calculator.

ywcupl.dll Runs Freecell.exe
The second proof of concept is certainly much more nasty. It will download a program from anywhere on the Internet and then run that program. In my example I download Free.exe and then run it. Free.exe simply opens a new process for the Free Cell Windows game. Free.exe is written in VB.NET so you will have to have the .NET Framework to run it. Certainly you could use your imagination and see that this is the ultimate exploit.

References
• http://lists.grok.org.uk/pipermail/full-di...une/063875.html
• http://www.informationweek.com/news/showAr...cleID=199901856
• http://www.computerworld.com/action/articl...rc=news_ts_head
• http://lists.grok.org.uk/pipermail/full-di...une/063846.html
• http://www.securityfocus.com/archive/1/470861
• http://blogs.zdnet.com/security/?p=274

 

 

 


Comment/Reply (w/o sign-up)

tansqrx
Jun 10 2007, 05:12 AM
It looks like the update is being pushed out automatically now. I got a nice little pop-up today and I quickly and easily updated Messenger.

Comment/Reply (w/o sign-up)

Got an Opinion! Express your Views! (no registration):-
Add your Reply/ Opinion/ Views/ Comments/ Suggestion/ Questions/ Queries etc.
Posts with decent grammar & English will be accepted and please refrain from profanities.
For asking a Question, We recommend you to sign-up (for free) so that you can track the topic easily.
Nature of your Post*: Opinion/ Reply/ Comments
Question/Query
Feedback to us.
       
Name   Email
Title/Question*

This textarea will convert to Rich-Text automatically (IE, Firefox, Chrome)

Similar Topics

Keywords : critical, bug, yahoo, messenger, webcam, activex

  1. Winzip ActiveX Control Remote Code Execution Vulnerability
    (2)
  2. Yahoo! Messenger Unspecified Activex Buffer Overflow
    (1)
    CNET is reporting that a new Yahoo! Messenger Exploit has been found. The story
    (http://news.com.com/2100-1002_3-6144110.html?part=rss&tag=2547-1_3-0-5&subj=news) states that all
    versions prior to November 2, 2006 are affected and by downloading the latest version (8.1) you will
    be protected. The bug was apparently first reported to Secunia
    (http://secunia.com/advisories/23401/). No details or exploit code has been published. No my
    question, which ActiveX control does this affect and does anyone of the juicy detail of this one?
    Additional links can be found at http....
  3. Microsoft Xmlhttp Activex Control Code Execution Vulnerability
    Extremely critical (0)
    Another vulnerability to XP has been found by Security research firm Secunia. QUOTE
    Description: A vulnerability has been reported in Microsoft XML Core Services, which can be
    exploited by malicious people to compromise a users system. The vulnerability is caused due to an
    unspecified error in the XMLHTTP 4.0 ActiveX Control. Successful exploitation allows execution of
    arbitrary code when a user e.g. visits a malicious website using Internet Explorer. NOTE: The
    vulnerability is already being actively exploited. QUOTE Solution: Microsoft has recommended
    va....
  4. Hackers Publish Code For Critical Ie Bug
    (0)
    security researchers in the U.K. have now published "proof of concept" code for unpatched bug in
    the way Microsoft Internet Explorer browser handles the JavaScript computer language. It shows
    how hackers could exploit the problem and possibly take over a Windows system. According to Russ
    Cooper, this vulnerability has been around since May. the malicious code can be launched by just
    one simple click on a Web link. All users of Internet Explorer version 5.5 and 6.x are affected by
    the vulnerability you may turn off JavaScript in Internet Explorer's Internet....
  5. Microsoft Critical Patch Can Cause Serious Problem
    (8)
    Installing the patch (MS05-051), which was released Tuesday to fix four Windows flaws in Windows
    2000, Windows XP and Windows Server 2003 is causing serious problems for some users. according to
    C|Net News.com, users will be locked out of their PC, the Windows Firewall wont be started, certain
    applications may be blocked from running or installing, and the network connections folder will be
    emptied. This happen only when you change the default permission settings on a Windows directory.
    The solution is unstall this patch or restore the default permissions for t....
  6. AOL Instant Messenger Chain Virus
    Has anyone else been hit by this? (12)
    yesterday, i was chatting with a friend and she sent me a link to what looked like a photo file...
    when i opened it, it turned out to be a virus... which in turn, automatically messaged all the
    people online on my buddy list the link and then closed all chat windows..... does anyone know what
    this is? and if so, how do i fix it?....
  7. Critical Flaw Found In Firefox
    (5)
    I don't want to spam by posting the entire article but this was brougt to my attention by an
    email posting at work. Since I have not seen it in this thread here it is. The full atricle can be
    found at http://news.yahoo.com/s/pcworld/120756 "Firefox has unpatched "extremely critical"
    security holes and exploit code is already circulating on the Net, security researchers have warned.
    The two unpatched flaws in the Mozilla browser could allow an attacker to take control of your
    system." Security focus also has a note http://www.securityfocus.com/advisories/8430....
  8. Yahoo Messenger Exploits?
    Does anyone know of any exploits in YMSG (4)
    Here's the question. Do you know of any exploits in Yahoo Messenger? The reason that I am
    asking is I have done quite a bit of research into the security of Messenger over the last 6 months.
    Actually the reason that I am trying to get web space is to publish some of my findings. I have
    mapped many of the Yahoo protocol packets and researched several common booters. Once I have the
    space I will dish out all the details. Do I have any similar Yahoo Messenger enthusiasts around
    that might be willing to discuss Messenger security?....
  9. Msn Messenger Digital Signature
    GAAHHH! (3)
    When I play MSN Messenger's games, an alert pops up saying: QUOTE Windows has found a
    problem with this file. Name: MessengerStatsClient.cab31267.cab Publisher: Unknown Publisher
    So I went to check the Digital Signature Information, and it said its Signing Time was Thursday, May
    29, 2003 5:56:23 PM. Then I read the Certificate, which was issued by Microsoft Code Signing PCA and
    Valid from Thursday, June 27, 2002 6:14:39 PM to Saturday, December 27, 2003 6:24:39 PM. After I
    click OK to close the alert, the game says QUOTE Messenger games require Activ....
  10. New Virus Alert!
    Especially for those MSN messenger users (13)
    Watch out MSN users! There is a new virus... Maybe its old... But once it get into your computer, it
    automatically sends a copy of the virus to all your contacts via MSN messenger... I almost got hit
    by one, but norton stopped it! There are many different names it is hiding under... My friend's
    computer sent me "The cat and the fan" It sented another copy to my other friend... She got "The
    frog and the fish" There are many combinations... So be careful! Sorry to double post, but I found
    yet another one... "Mona Lisa wants her smile back" Its another virus! --------....


      11. Looking for critical, bug, yahoo, messenger, webcam, activex

See Also,

*SIMILAR VIDEOS*
Searching Video's for critical, bug, yahoo, messenger, webcam, activex
advertisement



Critical Bug In Yahoo! Messenger Webcam Activex

Affordable Web Hosting, Low cost Web Hosting - ComputingHost.com