There is a vulnerability in Yahoo Messenger that can potentially allow a remote attacker to hijack your PC if you accept a webcam invite. Of course, your friends are not going to exploit the flaw when they invite you to a video chat. The threat is when you get invites from untrusted sources. The obvious advice is to never, ever accept webcam invites from untrusted sources.

Shockingly, McAfee, who reported on the vulnerability, posted the following advice on their blog:

http://www.avertlabs.com/research/blog/index.php/2007/08/15/more-on-the-yahoo-messenger-webcam-0day/

We recommend the following to users using Yahoo! Messenger Webcam:

1) Don’t accept webcam invites from untrusted sources until a patch for this is released.
2) It’s advisable to block outgoing traffic on TCP port 5100 until the vendor patches this vulnerability.

I have a lot of friends at McAfee and they are really bright people, but they really missed the boat with this advice. First of all, accepting webcam invites from untrusted sources is always a bad idea. It doesn't matter whether Yahoo fixes this bug; a patch does not make it smart or secure to accept invites from untrusted sources. The second item is a bit incomplete. If you do not use Yahoo Messenger, or any other software that requires port 5100, then block it now and leave it blocked until you run something that requires it, not just until the threat-du-jour has passed.
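As an added example (not from the original post, and not McAfee's or Yahoo's own guidance), here is what "block it now and leave it blocked until something requires it" looks like on a Windows host using the Windows Firewall with Advanced Security command-line interface, netsh advfirewall (Windows Vista and later; the Windows XP firewall only filters inbound traffic, so it cannot enforce the outbound block at all). The rule name is an arbitrary label chosen for this example.

```powershell
# Added example: a persistent outbound block for TCP port 5100, managed with netsh advfirewall.
# Requires an elevated (administrator) prompt. The rule name is an arbitrary label for this example.

# 1. Block outgoing TCP connections to remote port 5100 on every network profile.
netsh advfirewall firewall add rule name="Block outbound TCP 5100" dir=out action=block protocol=TCP remoteport=5100 profile=any

# 2. Confirm the rule exists and is enabled.
netsh advfirewall firewall show rule name="Block outbound TCP 5100"

# 3. Remove the rule only when you actually install software that needs port 5100,
#    not when the vendor ships a patch. Until then it stays in place.
# netsh advfirewall firewall delete rule name="Block outbound TCP 5100"
```

Windows Firewall gives explicit block rules precedence over allow rules, so when a program later needs the port you have to delete this block rule rather than add an allow rule beside it; that is the moment to make a deliberate decision about whether the port should be open, which is exactly the point of leaving it blocked by default.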

Hopefully my friends at Avert Labs will correct the flawed advice.

Randy Abrams
Director of Technical Education