Yahoo! Messenger File Name Spoofing

Yahoo! Messenger version 6.0.0.1750 and possibly other versions could allow a remote attacker to spoof file names within file transfer dialogs. The product displays only a portion of an overly long filename, which an attacker can exploit by misleading a user into downloading a malicious executable program. This issue may lead to a compromise of the target computer as well as other consequences. It should be noted that although only Yahoo!

Yahoo! Messenger wraps overly long filenames and shows only the first line of the filename in the file transfer dialogs. Other versions may also be affected.

4) Solution

Update to version 6.0.0.1921.

Messenger, which can be exploited by malicious people to trick users into executing malicious files. The problem is that files with long filenames are not displayed correctly in the file transfer dialogs.

Successful exploitation requires that the option "Hide extension for known file types" is enabled in Windows (default setting).

These advisories are gathered in a publicly available database at the Secunia web site: http://secunia.com/ Secunia offers services to our customers enabling them to receive all relevant vulnerability information to their

Messenger File Transfer Filename Spoofing
Secunia Advisory: SA13712
Critical: Less critical
Impact: Spoofing
Where: From remote
Solution Status: Vendor Patch
Software: Yahoo!

Yahoo! Messenger File Transfer Filename Spoofing

Table of Contents

1) Affected Software
2) Severity
3) Description of Vulnerability
4) Solution
5) Time Table
6) Credits
7) References
8) About Secunia
9) Verification

1) Affected Software

Yahoo! Messenger version 6.0.0.1921 (for Windows) or newer

Audio Setup Wizard Privilege Escalation

This can be exploited to trick users into accepting and potentially executing malicious files. Successful exploitation requires that the option "Hide extension for known file types" is enabled in Windows (default setting).

Yahoo! Messenger contains multiple vulnerabilities: file name spoofing in file transfers and privilege escalation in the Audio Setup Wizard. Successful exploitation requires that a user runs the Audio Setup Wizard and that the application has been installed in a non-default location (not as a subdirectory to the "Program Files" directory).

Eiram and by Andreas Sandblad.

Messenger 6.0 Build 1921 http://messenger.yahoo.com/

Messenger Audio Setup Wizard Privilege Escalation
Secunia Advisory: SA11815
Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch
Software: Yahoo!

Messenger Vulnerabilities
Posted on February 18, 2005 By Marc Erickson

Disclosure Timeline:
04/01/2005 - Vendor notified about Privilege Escalation.
           - Vulnerability of Filename Spoofing was discovered.
10/01/2005 - Vendor notified about Filename Spoofing.
14/01/2005 - Vendor contacted second time about Privilege

Messenger version 6.0.0.1750 (for Windows)

Immune Systems:
* Yahoo!

If the file is an executable program and the user opens the file, the program will then execute with the privileges of the currently logged in user.

Messenger 6.x
Description: Secunia Research has discovered a vulnerability in Yahoo!

Yahoo! Messenger Download Dialogue Box File Name Spoofing Vulnerability

Solution: The vendor has released an upgrade dealing with this issue.

Details: Yahoo!

Platforms Affected:
Microsoft Corporation: Windows 95
Microsoft Corporation: Windows 98
Microsoft Corporation: Windows 98 Second Edition
Microsoft Corporation: Windows Me
Microsoft Corporation: Windows XP
Microsoft Corporation: Windows 2000 Any version
Microsoft

Vulnerable Systems:
* Yahoo!

Messenger file name spoofing
Discussion in 'All Other Software' started by eddie5659, Feb 18, 2005.

CVE: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0243
References: http://secunia.com/advisories/13712
BID: http://www.securityfocus.com/bid/12587
Secunia: http://secunia.com/advisories/13712

Messenger 6.0.0.1750
http://xforce.iss.net/xforce/xfdb/19382

Regards

eddie

eddie5659, Feb 18, 2005 #1

Thanks eddie, I just updated mine

Cheeseball81, Feb 18, 2005 #2

Messenger, which can be exploited by malicious people to trick users into executing malicious files. Other versions may also be affected.

Solution: Update to version 6.0.0.1921 or later.

Yahoo! Messenger version 6.0.0.1750 is reportedly affected; earlier versions may be affected as well.

The file is downloaded to the target system.