Torseq Tech

**Name of the Vulnerable Software and Affected Versions** Yahoo! Messenger versions 5.x through 6.0 **Description** The issue allows local users to obtain sensitive information from other users due to the Logfile feature not properly warning later users when it has been enabled. This feature can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users. **Recommendations** For Yahoo! Messenger versions 5.x through 6.0, consider disabling the Logfile feature to prevent unauthorized access to sensitive information. As a temporary workaround, restrict access to the ypager.log file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Yahoo! Messenger versions 5.x through 6.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in a disconnect from the server. This is achieved by sending a room login or a room join request packet with a third colon and an ampersand, which causes Messenger to send a corrupted packet to the server. **Recommendations** For Yahoo! Messenger versions 5.x through 6.0, consider restricting the use of the YMSGR URL handler until a patch is available. As a temporary workaround, avoid using the room login or room join request functionality with packets containing a third colon and an ampersand to minimize the risk of exploitation.