Yahoo! Messenger Sploit! (SERIOUS)
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Yahoo! Messenger Sploit! (SERIOUS)

  1. #1
    Senior Member
    Join Date
    Jan 2002
    Posts
    657

    Yahoo! Messenger Sploit! (SERIOUS)

    New sploit has been found in YIM (Yahoo! Instant Messenger)


    Sploit Info


    05. Threat Significance

    Vulnerability #2 (above) demonstrates how potential attackers could replace or even visually replicate almost any YIM content and insert scripts into their own HTML that could be used to do almost anything on a YIM users machine. For example, it would not be too difficult to modify the demonstration exploit above to request a YIM user's ID and password and send it to any email address or Internet URL.

    Minimum user intervention is required to exploit these vulnerabilities. Modifications of the ymsgr URLs provided could readily be hidden in HTML pages or emails with text or images enticing YIM users to click on them. Further, scripts could be used to load such ymsgr-exploit URLs into pop-up browser windows with no direct user intervention.

    Given there are now somewhere between 13-65 million Yahoo! Messenger users worldwide (as described in the Summary above), the potential impact of this vulnerability poses a highly significant threat to users who do not soon upgrade their Yahoo! Messenger clients.




    WE ALSO NEED A SECTION WHERE THIS TYPE OF TOPIC WOULD FIT BETTER, SUCH AS "RECENT THREATS" or "NEW SPLOITS" or "SECURITY RISK", i couldnt find anything that this thread would fit under so i put it here
    [shadow]i have a herd of 1337 sheep[/shadow]
    Worth should be judged on quality... Not apperance... Anyone can sell you **** inside a pretty box.. The only real gift then is the box..

  2. #2
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    Network or internet security would have probably been the best place for this thread, but who knows. We definately should have a general "New exploit/advisory" froum.

    Slightly dated (early this month I believe) but still very relevant. Good find NetSyn.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  3. #3
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,743
    sploits / advisories..

    AntiVirus Discussions? wouldn't that cover the topic..?

    but your idea could make it easier to target.. k

    Cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  4. #4
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103

    Re: Yahoo! Messenger Sploit! (SERIOUS)

    Originally posted here by NetSyn
    (...) Given there are now somewhere between 13-65 million Yahoo! Messenger users (...)
    What evil genius figured out those numbers? One number is five times higher than the other.

    Anyway, nice find NetSyn.
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

  5. #5
    Senior Member
    Join Date
    Jan 2002
    Posts
    657
    lol : ) i doubt this would fit under anti virus security.... and i really feel we need a place to talk about sploits in general or at least something close 2 it
    [shadow]i have a herd of 1337 sheep[/shadow]
    Worth should be judged on quality... Not apperance... Anyone can sell you **** inside a pretty box.. The only real gift then is the box..

  6. #6
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    how about Miscellaneous Security Discussions...

  7. #7
    Member
    Join Date
    May 2002
    Posts
    64
    How about.......
    Who cares where it is posted? It is good information, i am glad he put it in one of the places where traffic is heaviest, i would have never seen it in virus discussion.
    \"Drastic times call for drastic measures.\"

  8. #8
    Senior Member
    Join Date
    Jan 2002
    Posts
    657
    i didnt even see misc security till just now, thanx for pointing it out
    [shadow]i have a herd of 1337 sheep[/shadow]
    Worth should be judged on quality... Not apperance... Anyone can sell you **** inside a pretty box.. The only real gift then is the box..

  9. #9
    Senior Member
    Join Date
    May 2002
    Posts
    390
    i'll have to agree. putting something in a well traveled area will not do harm...
    so somebody has a choice of reading it. it is still good info. thnx netsyn. saved a few peoeple i know.
    just like water off a duck\'s back... I AM HERE.

    for CMOS help, check out my CMOS tut?

  10. #10
    Senior Member
    Join Date
    Nov 2001
    Location
    Ireland
    Posts
    735

    Re: Re: Yahoo! Messenger Sploit! (SERIOUS)

    Yeah, I know that I have registered at least 100 Yahoo! accounts because I used to love GeoCities. But now that I haven't accessed any of them in about a year, I think they probably have been cancelled. Hmm, that's probably worth finding out...

    Originally posted here by Guus


    What evil genius figured out those numbers? One number is five times higher than the other.

    Anyway, nice find NetSyn.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •