Yahoo! Widgets > Yahoo! Widgets Help > Security
About the July 24, 2007 Widgets Security Updates
Text Size: A A A

Save to My Help

Save this article to My Help for easy reference. You can visit the article at any time from any computer.

Replace an article

You have reached the maximum number of saved articles. Your oldest saved article will be replaced with the new one.

Do I need to update Yahoo! Widgets to the new version?
Yes, if you have installed a version of Yahoo! Widgets obtained before July 20, 2007 on a Windows PC.

How do I get the Security Update?
You can download the latest version of Yahoo! Widgets from [url]http://widgets.yahoo.com/download[/url].

What is the security issue?
Yahoo! recently learned of a security issue, commonly referred to as a buffer overflow, in an ActiveX control. This control is part of the software package downloaded with Yahoo! Widgets.

How did Yahoo! learn of this?
Yahoo! has relationships with third-party security organizations and researchers. Secunia informed Yahoo! of this particular security issue.

What is the potential impact?
Some impacts of a buffer overflow might include the introduction of executable code and the crash of an application such as Internet Explorer. For this specific security issue, these impacts could only be possible if an attacker is successful in prompting someone to view malicious HTML code, most likely executed by getting a person to visit their web page.

Who is affected?
Yahoo! Widgets users who inadvertently view malicious HTML code on an attacker's website. If your computer has installed Yahoo! Widgets before June 20, 2007, you should install the update.

Why do I have to install the update?
Installing the update helps protect against exploits of this issue that may be developed.

How long will it take?
The update should take no more than a couple minutes, although the exact time depends on the speed of your Internet connection.

What if I don't install the update?
Over the next several weeks, users worldwide will be prompted to update to a new version of Yahoo! Widgets upon launching the application. If you choose not to update and you have not updated via this page or at [url]http://widgets.yahoo.com[/url], the vulnerability will still exist.

I'm a technical user. What is the CLSID and exact version of the control that contains the fix?
The CLSID being affected is 7EC7B6C5-25BD-4586-A641-D2ACBB6629DD and the version is any version prior to 2007.7.13.3.

Go Back to Yahoo! Widgets
Save to My Help
Display in new window

Was this information helpful?      

My Help

Forgot your ID or password?

Sign In

Sign in to see your account information saved articles and more.

  1. Recent Searches

  2. Saved Articles

    Sign in to see your account information saved articles and more.

Top Questions

Still Need Help?

Contact Customer Care

Related Links