J-Security Center

Title: Yahoo! Messenger YInsthelper.DLL Multiple Buffer Overflow Vulnerabilities

Severity: HIGH

Description:

Yahoo! Messenger is a freely available chat client distributed and maintained by Yahoo! It is available for the Microsoft Windows platform.

When Yahoo! Messenger is installed, it registers "yinsthelper.dll". This library adds the following COM objects:

  • YInstHelper.YInstStarter.1
  • YInstHelper.YAcs1
  • YInstHelper.YSearchSetting2

The COM objects YInstHelper.YInstStarter.1 and YInstHelper.YSearchSetting2 have been reported to be prone to remote memory corruption vulnerabilities, likely due to buffer overflow conditions.

The condition occurs in YInstHelper.YInstStarter.1 when the "DesktopIcon", "AppId", or "Test" property is set to a value of length 255 bytes or greater. By crafting an HTML page that invokes this COM object and passes data to one of the affected properties, an attacker may overwrite values that are crucial to controlling program execution flow. Ultimately, an attacker may exploit these issues to execute arbitrary instructions in the context of the user running the instance of Internet Explorer used to view the malicious web page.

Passing a string greater than 255 bytes in length as a value for the "Set" property of the YInstHelper.YSearchSetting2.1 COM object will trigger a similar condition. Again, by crafting an HTML page that invokes this COM object and passes data to the affected property, an attacker may overwrite values that are crucial to controlling program execution flow. Ultimately, an attacker may exploit this issue to execute arbitrary instructions in the context of the user running the instance of Internet Explorer used to view the malicious web page.

The immediate consequence of an exploit attempt may be that the web browser instance, and all windows spawned from it, crash when the malicious site is viewed.

It should be noted that although these vulnerabilities have been reported to affect Yahoo! Messenger version 5.6, other versions may also be affected.
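
As an added example (not part of the advisory and not Juniper's or Yahoo!'s code), the following Python detector shows how a web proxy or mail gateway could flag pages that script the affected objects. It uses only the ProgIDs, property names and 255-byte threshold given above; the function name `scan`, the regular expressions and the sample pages are constructed for illustration, and only string literals in the page source are measured.

```python
import re

# ProgIDs and properties named in the advisory (lower-cased for matching).
AFFECTED = {
    "yinsthelper.yinststarter.1": ("DesktopIcon", "AppId", "Test"),
    "yinsthelper.ysearchsetting2.1": ("Set",),
}
LIMIT = 255  # conservative: the lower of the two thresholds the advisory gives

# Matches: var x = new ActiveXObject("ProgID")  or  Set x = CreateObject("ProgID")
CREATE = re.compile(
    r"(?:var\s+|set\s+)?(\w+)\s*=\s*(?:new\s+ActiveXObject|CreateObject)"
    r"\s*\(\s*[\"']([^\"']+)[\"']\s*\)", re.I)


def scan(page):
    """Return (progid, property, literal_bytes) findings for one page.

    A bare instantiation is reported with property None, because values
    built at run time never appear as a literal in the page source.
    """
    findings = []
    for var, progid in CREATE.findall(page):
        props = AFFECTED.get(progid.lower())
        if props is None:
            continue
        findings.append((progid, None, 0))
        assign = re.compile(
            r"\b%s\.(%s)\s*=\s*([\"'])(.*?)\2" % (re.escape(var), "|".join(props)),
            re.I | re.S)
        for prop, _quote, value in assign.findall(page):
            size = len(value.encode("utf-8"))
            if size >= LIMIT:
                findings.append((progid, prop, size))
    return findings


# Constructed sample pages (hypothetical, not taken from the advisory).
SAMPLE_SHORT = ('<script language="VBScript">\n'
                'Set o = CreateObject("YInstHelper.YInstStarter.1")\n'
                'o.AppId = "msgr"\n</script>')
SAMPLE_LONG = ('<script>var s = new ActiveXObject("YInstHelper.YSearchSetting2.1");'
               ' s.Set = "%s";</script>' % ("A" * 300))

if __name__ == "__main__":
    for name, page in (("short", SAMPLE_SHORT), ("long", SAMPLE_LONG)):
        print(name, scan(page))
```
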

Affected Products:

  • Yahoo! Messenger 5.6.0
  • Yahoo! Messenger 5.6.0.0.1347
  • Yahoo! Messenger 5.6.0.0.1351
  • Yahoo! Messenger 5.6.0.0.1355
  • Yahoo! Messenger 5.6.0.0.1356
  • Yahoo! Messenger 5.6.0.0.1358
