Yahoo! Messenger CYFT FT60.DLL ActiveX Control GetFile Method Arbitrary File Upload Vulnerability

Yahoo! Messenger CYFT FT60.DLL ActiveX Control GetFile Method Arbitrary File Upload Vulnerability

Yahoo! Messenger CYFT ActiveX control is prone to an arbitrary-file-upload vulnerability because it fails to adequately sanitize user-supplied input.

Successfully exploiting this issue allows an attacker to upload malicious files to an arbitrary location on a victim's computer; the files will have the permissions of the application using the ActiveX control (typically Internet Explorer).

Yahoo! Messenger 8.1.0.421 is vulnerable; other versions may also be affected.