• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Yahoo! Messenger Message Field Overflow Vulnerability

Yahoo! Messenger is the main client for Yahoo's instant messaging service. The affected version runs on Microsoft Windows operating systems.

It is reportedly possible to crash the Yahoo Messenger client by overflowing the message field. The client communicates via port 5101.

It is important to note that the attacker would need to construct a malicious client which uses the Yahoo Messenger protocol to successfully exploit this issue, as the existing Yahoo Messenger client proactively limits the length of message fields that are sent.

This vulnerability may be the result of a buffer overflow, potentially allowing for execution of arbitrary attacked-supplied instructions on the host running the vulnerable client. However, this possibility has not been confirmed.