C2C Anyone? For chatters who frequent Yahoo! Chat rooms, this is a common thing to say… C2C (Cam to Cam) Chat has been very popular nowadays, from chatters who just want to view their chat mates to webcam shows to far away loved ones…most of the time a webcam is used while chatting on Yahoo! Sad to say, Yahoo! Webcam did not escape the reality that almost all software has vulnerability. Two vulnerabilities for the Yahoo! Messenger have been disclosed to the public. These vulnerabilities have been proven to result in arbitrary code execution, which means that it may just be a little time before it is exploited by malicious users. The first vulnerability is because of lack of boundary checking in the ywcupl.dll (used for Yahoo! Webcam Upload ActiveX control). This error can cause a stack based buffer overflow by assigning a very long string to the “Server” property and then calling the “Send()” method. The second vulnerability is because of lack of boundary checking in the ywcvwr.dll (used for Yahoo! Webcam Viewer ActiveX control). It works the same way as the first vulnerability but this time instead of send(), the exploit is triggered by calling the “Receive()” method. Not to worry though, because Yahoo! has already given an update which solves this issue. Please go to this site to know more about the vulnerability and how to update your Yahoo! Messengers.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!