Just a wee reminder....
Tag it:
Furl it!
Friday, 23 February 2007

consider upgrading to Yahoo! Messenger v8.1.0.239simply because I've recently bumped into quite a few people still running beta releases of Yahoo! Messenger version 8 :)

The last version 8 beta was (released 5 July 06), the first GA out the door on 27 July 06 was and there has been a few versions released since so do give some consideration to upgrading to something a little more stable and if you need a couple of great reasons why you should upgrade sooner rather than later, check out the following...

On 25 October 2006 FrSIRT (French Security Incident Response Team) released a security alert Yahoo! Messenger Conference Invite "room name" Denial of Service Vulnerability (low risk) which is applicable to all versions of Yahoo! Messenger below v8.1.0.195...

"A vulnerability has been identified in Yahoo! Messenger, which could be exploited by remote attackers to cause a denial of service. This flaw is due to a NULL pointer dereference error when processing conference invites containing a specially crafted "room name" parameter, which could be exploited by remote attackers to crash a vulnerable client via a malicious invite request."

solution... upgrade to version (for Windows 98 / 2000 / ME / XP) released 24 October 06
Direct Download Location: http://download.yahoo.com/dl/msgr8/us/ymsgr810_195_us.exe

and for another compelling reason to upgrade (again), on 8 December 2006 Yahoo! released Yahoo! ActiveX Update...

What is the security issue?
Yahoo! recently identified a security issue, commonly referred to as a buffer overflow in an ActiveX control. This control is part of the Yahoo! services suite typically downloaded with the installer for Yahoo! Messenger.
What is the potential impact?
Some impacts of a buffer overflow might include being involuntarily logged out of a Chat and/or Messenger session, the crash of an application such as Internet Explorer, and in some instances, the introduction of executable code. For this specific issue, these impacts could only be possible if an attacker is successful in prompting someone to view malicious HTML code, most likely executed by getting a person to visit their web page. To our knowledge, there have been no known executable code exploits related to this issue.

also reported on 15 December 2006 at FrSIRT who released Yahoo! Messenger YMailAttach" ActiveX Control Remote Code Execution Vulnerability (critical)....

"A vulnerability has been identified in Yahoo! Messenger, which could be exploited by attackers to take complete control of an affected system. This flaw is due to a buffer overflow error in the "YMMAPI.YMailAttach" (ymmapi.dll) ActiveX control when handling malformed arguments passed to certain methods, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a specially crafted web page."

to address this issue, people running versions of Yahoo! Messenger released prior to 2 November 2006 were advised to upgrade immediately to the latest version which at the time was (for Windows 98 / 2000 / ME / XP) released 30 November 06
Direct Download Location: http://download.yahoo.com/dl/msgr8/us/ymsgr810_209_us.exe

but if you want the latest version of Yahoo! Messenger currently available you'll need this one: (for Windows 98 / 2000 / ME / XP) released 19 January 07
installer available from http://messenger.yahoo.com/download.php
or Direct Download Location: (if you have installer issues)

how to check what version of Yahoo! Messenger you're running If you are unsure what version of Yahoo! Messenger you are currently running
from within Yahoo! Messenger click Help > About Yahoo! Messenger a wee About box pops up telling you what version you have installed :)

Need more help?
try Yahoo! Answers ~ Yahoo! Messenger Category
feel free to ask out our forum or check out the following pages for more information
WackyB.co.nz ~ Yahoo! Messenger v8 information & WackyB.co.nz ~ Yahoo! Messenger Current Versions

Last Updated ( Friday, 23 February 2007 )