McAfee Avert Labs is reporting that it has uncovered a new zero-day exploit in Yahoo! Messenger Webcam. It is advising that Yahoo! Messenger users stop accepting invites from anyone that they don’t know and trust until a patch has been released.
The bug consists of a “classic heap overflow” that may be triggered when a victim accepts a webcam invitation, according to McAfee. McAfee also points out in its posting that this problem is not the same ActiveX control vulnerability that was patched in June.
If you must use Yahoo! Messenger, I’d recommend that you block outgoing traffic on TCP port 5100. Better yet, stop using Yahoo! Messenger until a patch is released. Personally, I’ve stopped using Yahoo! Messenger altogether.
[tags]yahoo, yahoo messenger, yahoo![/tags]