Three new vulnerabilities have been made public this week: two in Yahoo Messenger Webcam ActiveX and one in Microsoft GDI+.
Yahoo! Messenger Webcam Upload ActiveX Control Buffer Overflow
Security company eEye Digital Security has discovered two vulnerabilities in Yahoo’s instant messenger client software, which were reported to Yahoo. The bugs are critical because they allow remote code execution. Yahoo gave them its highest security threat rating.
The vulnerable control is part of the code for Webcam image upload and viewing (ywcupl.dll). Yahoo is working on a patch; nevertheless, two publicly available exploits have been submitted to the Bugtraq and Full-Disclosure mailing lists. We think it will be actively exploited by malware in a few days.
The PoCs are harmless (they execute calc.exe), but it would be very easy to add more dangerous shellcode.
Yahoo! Messenger version 126.96.36.199, incorporating ywcupl.dll version 188.8.131.52, is vulnerable. This vulnerability is currently unpatched.
Microsoft GDI+ Integer division by zero flaw handling .ICO files
CSIS Security Group has found an “integer division by zero” flaw in GDI+ when parsing .ICO files. The vulnerability doesn’t allow remote code execution, but it can be used to crash Windows Explorer and other components such as “Windows Picture and Fax Viewer”. The flaw was reported to Microsoft, and MSRC confirmed the vulnerability. It will be fixed in the next Service Pack. The full advisory can be downloaded at the following link: http://www.csis.dk/dk/forside/GdiPlus.pdf