NOW READ THIS
("Security Advisory")



Submitted by: Bill Hickey
NCVA List Master

NRT-0264 Yahoo Patches Widgets, Fixes Windows Hijack Bug:


Yahoo Widgets, a platform that runs small web-based gadget-like applications on computer desktops, sports a critical flaw that hackers can use to hijack Windows. A bug in an ActiveX control that ships with Yahoo Widgets can be exploited to create a buffer overflow and, after that, introduce rogue code to the compromised computer. The most likely attack scenario, said Yahoo, would find attackers feeding users links to malicious web sites. Yahoo issued an update to Widgets' engine earlier this week, but it was just today that Danish security firm Secunia, which reported the bug to Yahoo, announced the flaw. Secunia pegged the problem as "extremely critical," the second-highest threat rating in its five-step scoring system. Users have reported, however, that although they have the Widgets automatic update mechanism turned on, they have not received notice of the patch. Yahoo acknowledged this in a security advisory posted on the Widgets site. Only the Windows version of Yahoo Widgets is at risk; the Mac OS X edition does not need to be updated.

(vnunet.com 25JUL07)



Last Modified: Wednesday, 01-Aug-2007 23:44:01 EDT