icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Yahoo! Messenger Shared File Access User Status Enumeration

Medium

Synopsis

The remote host may give an attacker information useful for future attacks

Description

The remote host is running a version of Yahoo Instant Messenger that reveals whether a user is on-line or not regardless of whether the user is marked as being "invisible". This information can be determined by trying to access the user's shared files: a different error message is reported if the user is on-line than if the user is off-line.

Solution

Upgrade to the latest version of Yahoo! Messenger.