YMSG: Yahoo Instant Messenger Cross-Site Scripting Vulnerability

This signature detects attempts to exploit a known vulnerability in Yahoo Instant Messenger. Versions 8.1.0.29 and prior are vulnerable. Attackers can inject script into the Last Name field of the chat window, resulting in cross-site scripting.

Extended Description

Yahoo! Messenger is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the context of a victim's Internet Explorer temporary folder. This may help the attacker steal information and launch other attacks. Versions prior to 2.1.0.29 are vulnerable to this issue.

Affected Products

Yahoo! Messenger

Short Name
CHAT:YIM:XSS
Severity
Warning
Recommended
False
Recommended Action
None
Category
CHAT
Keywords
Cross-Site Instant Messenger Scripting Vulnerability Yahoo bid:22269
Release Date
02/21/2007
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
Port
TCP/5050
False Positive
Unknown
Vendors

Yahoo!
