Yahoo is urging users of Yahoo Widgets to upgrade to address <A HREF="http://www.eweek.com/article2/0,1895,2164180,00.asp?kc=EWKNLNAV073107FEA1">a vulnerability hackers can exploit remotely</A> to take control of a compromised system.
According to researchers at the French Security Incident Response Team, the issue is caused by a buffer overflow error in the "YDPCTL.YDPControl.1" (YDPCTL.dll) ActiveX control when processing malformed arguments passed to the "GetComponentVersion()" method. The flaw can be exploited by tricking a user into visiting a specially crafted Web page and could result in a denial-of-service attack or the takeover of an affected system.
Yahoo Widgets versions prior to 4.0.5 are affected by the flaw. The vulnerability was initially reported by the security firm Secunia, in Copenhagen, which rated it highly critical.
Recent Articles
-
Why a server-based anti-spam solution might be a good idea
-
Hosted email security with GFI MailEssentials Complete Online
-
Send your holiday emails from Outlook while keeping that personal touch
-
Welcome to the ZATZ Studio
-
Video: SmartSchedules can overcome some of Outlook’s limitations
-
Open question: what would you like to see us cover?
-
How the Epsilon breach might cause real security problems
-
Status report: migrating ZENPRESS to a new platform
From Our Sponsor
