Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Yahoo! Messenger ymsgr URI Arbitrary Script Execution



The remote host is vulnerable to a script injection flaw


The remote host is running a version of Yahoo Instant Messenger that is vulnerable to a script injection attack. It is possible to create a URL that contains the ymsgr:addview? function and which points to a webpage containing malicious code. This code will be automatically loaded and rendered by the Yahoo Client allowing for the execution of attacker supplied code that will run with the privileges of the IM client user.


Upgrade to the latest version of Yahoo Instant Messenger.