We have seen the Yamanner worm spread throughout Yahoo over the past few days. This worm manages to spread without the user doing anything other than viewing a malicious email. Yahoo, to its credit, had already fixed the exploit in its new beta client.
After testing several popular web applications, we have found that several are in fact vulnerable to the very same type of exploit. Good coding practices, such as verifying that users are coming from an authorized form and that they are not submitting malicious code, can protect developers against this type of exploit.
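The two checks named above, sketched as an added example (not code from this post or from any affected application): a form token bound to the user's session, and escaping of submitted text before it is rendered. The names `SERVER_KEY`, `issue_form_token`, `token_is_valid`, `render_message_body` and `handle_send` are hypothetical, and the session IDs and message bodies are constructed.

```python
import hashlib
import hmac
import html
import secrets

# Assumption: a server-side secret, generated here for the demo; a real
# deployment would load a persistent key from protected configuration.
SERVER_KEY = secrets.token_bytes(32)


def _mac(session_id: str, form_name: str, nonce: str) -> bytes:
    # repr() of the tuple gives an unambiguous encoding of the three fields.
    msg = repr((session_id, form_name, nonce)).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest().encode()


def issue_form_token(session_id: str, form_name: str) -> str:
    """Token the server embeds as a hidden field when it renders the form."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, form_name, nonce).decode()}"


def token_is_valid(session_id: str, form_name: str, token) -> bool:
    """True only if the token was issued for this session and this form."""
    nonce, sep, mac = (token or "").partition(".")
    if not sep:
        return False
    # Constant-time comparison on bytes; tolerates non-ASCII attacker input.
    return hmac.compare_digest(mac.encode(), _mac(session_id, form_name, nonce))


def render_message_body(untrusted: str) -> str:
    """Escape markup so submitted code is displayed as text, never executed."""
    return html.escape(untrusted, quote=True)


def handle_send(session_id: str, form: dict) -> tuple:
    """Hypothetical 'send message' handler applying both checks."""
    if not token_is_valid(session_id, "compose", form.get("token")):
        return 403, "rejected: request did not come from an authorized form"
    return 200, render_message_body(form.get("body", ""))


if __name__ == "__main__":
    tok = issue_form_token("sess-A", "compose")
    print(handle_send("sess-A", {"token": tok, "body": "<script>alert(1)</script>"}))
    print(handle_send("sess-B", {"token": tok, "body": "hello"}))  # wrong session
    print(handle_send("sess-A", {"body": "hello"}))                # no token
```

Escaping everything suits plain-text fields; an application that must display HTML mail needs an allow-list sanitizer instead, which this sketch does not cover.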
We will be sending notice to the affected software vendors that we have identified at this time; however, we currently do not have plans to publish specific applications until new releases/patches are available.
Jun 13th 2006