Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Yahoo! Messenger Shared File Access User Status Enumeration

Medium

Synopsis

The remote host may give an attacker information useful for future attacks

Description

The remote host is running a version of Yahoo Instant Messenger that reveals whether a user is on-line or not regardless of whether the user is marked as being "invisible". This information can be determined by trying to access the user's shared files: a different error message is reported if the user is on-line than if the user is off-line.

Solution

Upgrade to the latest version of Yahoo! Messenger.