Juniper Networks

Signature Detail


Short Name: CHAT:YIM:XSS
Severity: Low
Recommended: No
Category: CHAT
Keywords: YAHOO CHAT XSS Cross Site Scripting
Release Date: 2007/02/21
Update Number: 1213
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

YMSG: Yahoo Instant Messenger Cross-Site Scripting Vulnerability


This signature detects attempts to exploit a known vulnerability in Yahoo Instant Messenger. Versions 8.1.0.29 and prior are vulnerable. Attackers can inject script into the Last Name field of the chat window, resulting in cross-site scripting.

Extended Description

Yahoo! Messenger is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the context of a victim's Internet Explorer temporary folder. This may help the attacker steal information and launch other attacks. Versions prior to 2.1.0.29 are vulnerable to this issue.

Affected Products

  • Yahoo! Instant Messenger 3.5.0
  • Yahoo! Instant Messenger build 733
  • Yahoo! Instant Messenger build 734
  • Yahoo! Messenger 4.0.0
  • Yahoo! Messenger 5.0.0
  • Yahoo! Messenger 5.0.0 .1046
  • Yahoo! Messenger 5.0.0 .1065
  • Yahoo! Messenger 5.0.0 .1232
  • Yahoo! Messenger 5.5.0
  • Yahoo! Messenger 5.5.0 .1249
  • Yahoo! Messenger 5.6.0
  • Yahoo! Messenger 5.6.0 .0.1347
  • Yahoo! Messenger 5.6.0 .0.1351
  • Yahoo! Messenger 5.6.0 .0.1355
  • Yahoo! Messenger 5.6.0 .0.1356
  • Yahoo! Messenger 5.6.0 .0.1358
  • Yahoo! Messenger 6.0.0
  • Yahoo! Messenger 6.0.0 .0.1643
  • Yahoo! Messenger 6.0.0 .0.1750
  • Yahoo! Messenger 6.0.0 .0.1921
  • Yahoo! Messenger 7.0.0 .438
  • Yahoo! Messenger 7.5.0 .814
  • Yahoo! Messenger 8.0.0
  • Yahoo! Messenger 8.0.0.863
  • Yahoo! Messenger 8.0 2005.1.1.4
  • Yahoo! Messenger 8.1.0.209
  • Yahoo! Messenger 8.1.0.29

References

  • BugTraq: 22269
  • URL: http://www.securityfocus.com/archive/1/458305

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.