Update: More on the Yahoo Messenger Webcam Zero-Day
Wednesday August 15, 2007 at 8:42 am CST
Posted by Wei Wang
[UPDATE]
Yahoo has fixed its Webcam vulnerability. The patches for the Webcam vulnerabilities have been released by Yahoo. We urge Yahoo Messenger users to download the latest Messenger. Thanks to the Yahoo security team for working with us to resolve this issue in a short time. Here’s what you need to know.
[Original blog:]
Earlier today Karthik had blogged about details of a new zero day in Yahoo! Messenger being published on some security forums in China, we got a chance to dig a bit deeper into this and were able to reproduce the vulnerability on Yahoo! Messenger version 8.1.0.413 based on the information provided in the forum. It seems like a classic heap overflow which can be triggered when the victim accepts a webcam invite. Note that this vulnerability is different from the recently patched one in June which exploited the Yahoo! Webcam ActiveX controls.
We’ve been able to reach Yahoo! security team and have informed them about this issue.
We recommend the following to users using Yahoo! Messenger Webcam:
1) Don’t accept webcam invites from untrusted sources until a patch for this is released.
2) It’s advisable to block outgoing traffic on TCP port 5100 until the vendor patches this vulnerability.
To mitigate this, we’re releasing our NIPS IntruShield signatures today to protect Yahoo! Messenger users from this threat. We shall keep on monitoring this threat and update if we come across anything.
August 16th, 2007 at 10:43
I’m shocked that you would suggest it is ever a good idea to accept webcam invites from untrusted sources. The proper advice is not to accept webcam invites from untrusted sources at anytime. The release of a patch does not make dealing with untrusted sources a safe practice.
Randy Abrams
Director of Technical Education
ESET LLC
August 17th, 2007 at 06:12
Wait a minute, is McAfee publicizing an unpatched zero-day issue here, thereby creating “hype and FUD by giving the world a chance to exploit” it? Quick, someone tell Rahul! I’m sure he’ll be incensed by McAfee’s irresponsible actions that put at risk the “Internet community at-large” who aren’t McAfee customers and are Yahoo Webcam users by arming up non-Chinese hackers who wouldn’t have heard of this.
August 17th, 2007 at 08:00
In a chatroom full of users you’ve never met before how can you EVER truly trust them? Whose to say that those you’ve met and spoken with in IM aren’t a part of a social engineering ploy. The proper advice is to reject cam invites until the threat is mitigated by a patch.
August 17th, 2007 at 08:03
Mr. Abrams,
Where I agree with you in practice, it is simply a fact that not everyone on yahoo or anywhere else is a technilogical expert. Although many on Yahoo! seem to think they are. Most users of chat are the every day “Joe.” They don’t know the difference between malicious code and a pornographic link sent to their Instant Message box. Most people will click on anything that pops up on their screen. Of course the proper advice would be for no one to accept ANYTHING even from so called “trusted” sources, because after all who can one trust on the Internet? But one has to be realistic in realising that there are going to be many out there who will accept even if they don’t know the person sending. The PROPER advice is to NOT accept ANY webcam invites. Period.
August 17th, 2007 at 16:09
Obviously, Mr. Sam Wheat doesnot know the difference between a publicly released vulnerability information in a public forum like xfocus (do you even know how popular xfocus is in china and other places?) and paying for zero days and sponsoring zero days.
I believe that this blog is for technical discussions and keeping track of interesting trends and threats. So, if you have a personal dig at the author (Rahul) please contact him in person. Saves your time and others as well. (Why do i have a feeling that you are a representative of ZDI???)
Chill mate! You are missing the point completely here.
As regards the blog, Wei Wang good information for us. I shall keep track of this and please do inform the community in case you see any active exploitation on this issue. And yes i agree with the comments to people that we should never accept webcam invites….EVER!
August 20th, 2007 at 08:08
wowo thats great macfee is going to help yahoo!! coming to any company we all expernce a pit fall once and a while and its good that pple join in to help good job macafee
August 20th, 2007 at 17:41
in the team509.com , I found the other two 0day , one about MSN messenger , he said it affect 7.x,8.0 ,MSN 8.1 have patched the vul , but why I can’t find Advisory in ms security bulletin, who can test it? I’m using MSN messenger 7.5 now , ;( .
The other one about MPC(media player classic), I test on my MPC, it worked, there is a patch for it?
there are the two links:
http://www.team509.com/modules.php?name=News&file=article&sid=50
http://www.team509.com/modules.php?name=News&file=article&sid=38
August 22nd, 2007 at 02:17
its ok as long as it is not money matter or is these another that they need your credit card
August 22nd, 2007 at 02:22
if you dont accept web cam so you want to chat with people you even dont know what he look like well thats good for us because we are ugly.
August 22nd, 2007 at 12:05
please advise when patch is redy for download thank you tommy grana
August 23rd, 2007 at 15:12
Please people use common sence don’t view cams from those you don’t know……..Enough of that though………….WHEN is Yahoo going to fix the rest of the problems???? Hell you can’t even go to a chatroom
August 24th, 2007 at 21:01
Chet, we are amoungst Morons :-
August 30th, 2007 at 09:28
i beleive that all people should trust each other ” on yahoo ” and open cams to each other no time to be selfish no time to say no because life is to short so open ur cam and lets have fun
June 23rd, 2008 at 00:24
[...] Yahoo’dan açığı kabul ettiklerini ve üzerinde çalıştıklarını belirten bir mesaj McAfee bloglarında yayınlandı. Açık kullanıcıların web kamerası ile görüşmeyi kabul etmeleri ile [...]