Short Name |
CHAT:YIM:OVERFLOW:SPOOFED-NAME |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
CHAT |
Keywords |
Spoofed Filename |
Release Date |
2005/04/21 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects files with long and obfuscate names sent through Yahoo Instant Messenger. Attackers can hide the file type from the user, making it difficult to determine whether the file is safe to open.
A remote download dialogue box spoofing vulnerability affects Yahoo! Messenger. This issue is due to a design error that facilitates the spoofing of file names. An attacker may leverage this issue to spoof downloaded file names to unsuspecting users. This issue may lead to a compromise of the target computer as well as other consequences. It should be noted that although only Yahoo! Messenger version 6.0.0.1750 is reportedly affected; earlier versions may be affected as well.