Content
Exploit-YIMCAM
- Type
- Trojan
- SubType
- Exploit
- Discovery Date
- 06/14/2007
- Length
- varies
- Minimum DAT
- 5053 (06/14/2007)
- Updated DAT
- 5163 (11/14/2007)
- Minimum Engine
- 5.1.00
- Description Added
- 06/14/2007
- Description Modified
- 06/27/2007 1:56 AM (PT)
Tab Navigation
Characteristics
Exploit-YIMCAM is a generic detection for Yahoo! Webcam ActiveX Controls buffer overflow vulnerability.
The Buffer Overflow vulnerabilities are in ywcupl.dll and ywcvwr.dll ActiveX controls of Yahoo Messenger which can be exploited by a malicious user to cause remote code execution.
Symptoms
This detection is sufficiently generic, such that it can cover a number of threats that contain the exploit code. Therefore, it is not possible to describe specific symptoms or details about system changes that can occur from this threat. However, simply seeing this detection does not mean that any exploit code was run at all as such exploit code could only run on a vulnerable system.
Additionally some exploits simply cause Internet Explorer to crash and nothing more.
Method of Infection
This threat could be delivered via an email message, IM or an infectious web page.
Removal
A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.
Variants
Variants
N/A
All Information
Overview -
Exploit-YIMCAM is a generic detection for Yahoo! Webcam ActiveX Controls buffer overflow vulnerability.
Aliases
- JS_AGENT.TRK (Trend Micro)
- Trojan-Downloader.JS.Agent.hy (Kaspersky)
Characteristics
Characteristics -
Exploit-YIMCAM is a generic detection for Yahoo! Webcam ActiveX Controls buffer overflow vulnerability.
The Buffer Overflow vulnerabilities are in ywcupl.dll and ywcvwr.dll ActiveX controls of Yahoo Messenger which can be exploited by a malicious user to cause remote code execution.
Symptoms
Symptoms -
This detection is sufficiently generic, such that it can cover a number of threats that contain the exploit code. Therefore, it is not possible to describe specific symptoms or details about system changes that can occur from this threat. However, simply seeing this detection does not mean that any exploit code was run at all as such exploit code could only run on a vulnerable system.
Additionally some exploits simply cause Internet Explorer to crash and nothing more.
Method of Infection
Method of Infection -
This threat could be delivered via an email message, IM or an infectious web page.
Removal -
Removal -
A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.
Additional Windows ME/XP removal considerations
Variants
Variants -
N/A
