Home > Yahoo Messenger > Yahoo! Messenger File Name Spoofing

Yahoo! Messenger File Name Spoofing

SKYNYRD replied Mar 18, 2017 at 11:19 AM Removing canceled order from... Yahoo! Platforms Affected: Microsoft Corporation: Windows 95 Microsoft Corporation: Windows 98 Microsoft Corporation: Windows 98 Second Edition Microsoft Corporation: Windows Me Microsoft Corporation: Windows XP Microsoft Corporation: Windows 2000 Any version Microsoft http://messenger.yahoo.com/"Related Post navigation Gaim Two Denial of Service WeaknessesOut of left field Subscribe Now to Receive Our Most Important Daily Updates for Free! http://scifijumpgate.com/yahoo-messenger/yahoo-messenger-yml-dll-file.html

Messenger Security Updates (Yahoo!) Privacy StatementCopyright 2010, SecurityFocus Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus Home Ask the Successful exploitation requires that the option "Hide extension for known file types" is enabled in Windows (default setting). Staff Online Now Cookiegal Administrator cwwozniak Trusted Advisor flavallee Trusted Advisor Advertisement Tech Support Guy Home Forums > Software & Hardware > All Other Software > Home Forums Forums Quick Links Messenger 6.0 Build 1921 http://messenger.yahoo.com/ Privacy StatementCopyright 2010, SecurityFocus info discussion exploit solution references Yahoo!

Thread Status: Not open for further replies. Messenger file name spoofing Discussion in 'All Other Software' started by eddie5659, Feb 18, 2005. Messenger 6.x…Solution: Update to version 6.0.0.1921 or later.

This can be exploited to trick users into accepting and potentially executing malicious files.Successful exploitation requires that the option "Hide extension for known file types" is enabled in Windows (default setting).The Credit: The information has been provided by Carsten H. Jump to navigation Worldwide简体中文 日本語 한국어 Español English My account Sign In / Register Search form Search Support & Services Support & Services Support & ServicesSupport Request Strike Database End-of-Life Announcements Messenger version 6.0.0.1750 and possibly other versions could allow a remote attacker to spoof file names within file transfer dialogs.

Messenger 6.0.0.1750 http://xforce.iss.net/xforce/xfdb/19382 Regards eddie eddie5659, Feb 18, 2005 #1 Cheeseball81 Moderator Joined: Mar 3, 2004 Messages: 84,310 Thanks eddie I just updated mine Cheeseball81, Feb 18, 2005 #2 File Transfer Filename Spoofing Yahoo! Style Default Style Contact Us Help Home Top RSS Terms and Rules Copyright © TechGuy, Inc. MS111 replied Mar 18, 2017 at 11:00 AM Loading...

Messenger. Descubrí. Click here to join today! If the file is an executable program and the user opens the file, the program will then execute with the privileges of the currently logged in user.

Todo lo que querías saber, y lo que ni imaginabas, está en Yahoo! Secunia offers a FREE mailing list called Secunia Security Advisories: http://secunia.com/secunia_security_advisories/ ====================================================================== 9) Verification Please verify this advisory by visiting the Secunia web site: http://secunia.com/secunia_research/2005-2/advisory/ ====================================================================== Stay Connected RSS YouTube Twitter Messenger version 6.0.0.1750 is reportedly affected; earlier versions may be affected as well. The product displays only a portion of an overly long filename which an attacker can exploit by misleading a user into downloading a malicious executable program.

Messenger wraps overly long filenames and shows only the first line of the filename in the file transfer dialogs. this contact form Messenger is an online instant messaging program that allows users to send instant messages, files, and email. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ By Date By Thread Current thread: Yahoo messenger file extension spoof vulnerability Ivan Ivan (Aug 04) [ Nmap | Sec Tools The behavior of the system is then dependent on the nature of the downloaded program.

Messenger (Filename Spoofing, Privilege Escalation) 23 Feb. 2005 Summary Yahoo! blog comments powered by Disqus Related Articles Microsoft Windows Local Privilege Escalation Vulnerabilities Microsoft Office Use After Free Memory Corruption Vulnerabilities Microsoft Internet Explorer Execute Arbitrary Code Remote Memory Corruption Vulnerabilities Terms and Conditions Privacy Policy Nmap Security Scanner Intro Ref Guide Install Guide Download Changelog Book Docs Security Lists Nmap Announce Nmap Dev Bugtraq Full Disclosure Pen Test Basics More Security have a peek here Messenger version 6.0.0.1750 (for Windows) Immune Systems: * Yahoo!

Advertisements do not imply our endorsement of that product or service. info discussion exploit solution references Yahoo! Please start a New Thread if you're having a similar issue.View our Welcome Guide to learn how to use this site. Respuestas (Beta).

This can be exploited to trick users into accepting and potentially executing malicious files.

Comments: Please enable JavaScript to view the comments powered by Disqus. The vulnerability has been confirmed in version 6.0.0.1750. Advertisement eddie5659 Moderator Malware Specialist Thread Starter Joined: Mar 19, 2001 Messages: 30,032 Hiya Yahoo! All rights reserved.

Messenger, which can be exploited by malicious people to trick users into executing malicious files. Join over 733,556 other people just like you! The vulnerability is caused due to a combination of weak default directory permissions and the Audio Setup Wizard (asw.dll) invoking the "ping.exe" utility insecurely during the connection testing phase. http://scifijumpgate.com/yahoo-messenger/yahoo-messenger-installation-404-file-not-found.html Join our site today to ask your question.

Yahoo! Are you looking for the solution to your computer problem? Messenger contains a vulnerability which can be exploited by malicious, local users to gain escalated privileges. Messenger File Transfer Filename Spoofing - ====================================================================== Table of Contents Affected Software....................................................1 Severity.............................................................2 Description of Vulnerability.........................................3 Solution.............................................................4 Time Table...........................................................5 Credits..............................................................6 References...........................................................7 About Secunia........................................................8 Verification.........................................................9 ====================================================================== 1) Affected Software Yahoo!

Privacy StatementCopyright 2010, SecurityFocus info discussion exploit solution references Yahoo! These advisories are gathered in a publicly available database at the Secunia web site: http://secunia.com/ Secunia offers services to our customers enabling them to receive all relevant vulnerability information to their Messenger Homepage (Yahoo!) Yahoo! Messenger Vulnerabilities Posted on February 18, 2005 By Marc Erickson Yahoo!

Similar Threads - Yahoo Messenger file How do I connect the new Yahoo Messenger to Facebook chat? Loading... Show Ignored Content As Seen On Welcome to Tech Support Guy! for networks of any size.

Eiram and by Andreas Sandblad. Messenger Download Dialogue Box File Name Spoofing Vulnerability References: Yahoo! www.beyondsecurity.com/vulnerability-scanner Vulnerable Systems: * Yahoo! Yahoo!

Successful exploitation requires that the option "Hide extension for known file types" is enabled in Windows (default setting). Tech Support Guy is completely free -- paid for by advertisers and donations. Read more about the use of cookies on the Secunia website. Other versions may also be affected. ====================================================================== 4) Solution Update to version 6.0.0.1921.