EfluxMedia

Beware with whom are you sharing the webcam on the Yahoo Messenger IM client. It might a friend, but it can be an intruder who wants to control your PC, by taking advantage of the latest vulnerability reported in Yahoo Messenger by McAfee.

The zero-day bug in Yahoo Messenger was reported for the first time by one of the McAfee’s Chinese security researchers.

The vulnerability was confirmed by McAfee on their AvertLabs blog. "It seems like a classic heap overflow which can be triggered when the victim accepts a webcam invite," Wei Wang, a security researcher at McAfee. "Note that this vulnerability is different from the recently patched one in June which exploited the Yahoo webcam ActiveX controls."

Wang is speaking about a vulnerability reported by the security firm eEye Digital Security, which was quickly fixed by Yahoo in the Version 8.1.0.401.

McAfee notified Yahoo about their finding, but until the company will issue a patch the users are being urged to protect themselves by not accepting webcam invites from untrusted sources.

Also, "it's advisable to block outgoing traffic on TCP port 5100 until the vendor patches this vulnerability," Wang added. "To mitigate this, we're releasing our NIPS IntruShield signatures today to protect Yahoo Messenger users from this threat. We shall keep on monitoring this threat and update if we come across anything."