• Downloading from our site will require you to have a paid membership. Upgrade to a Premium Membership from 10$ a month today!

    Dont forget read our Rules! Also anyone caught Sharing this content will be banned. By using this site you are agreeing to our rules so read them. Saying I did not know is simply not an excuse! You have been warned.

vBulletin Forum & Suite 4.1.12 & 4.2.0 Patch Level 3

Admin

Well-Known Member
Staff member
Administrator
vBulletin 4 Security Patch for Potential Yahoo! User Interface Library Exploit - 11/01/2012

A recent Yahoo! report indicated a potential SWF exploit vector involving the Yahoo! User Interface Library (YUI). Upon review, the vBulletin team has determined that the vBulletin 4 Asset Manager is affected. Once the issue was identified, updated YUI files were requested from Yahoo! to eliminate the reported threat.

This issue affects ALL vBulletin 4 SUITE and FORUM versions. vBulletin 3 and vBulletin 5 are not affected.

Security patches have been released for vBulletin 4.1.12 and vBulletin 4.2.

vBulletin 4 Customers Running 4.1.12 or 4.2:
Please install the patch immediately.

  1. Download the patch for the version of vBulletin you're currently running from https://members.vbulletin.com/patches.php.
  2. Extract the vBulletin patch files from the zip file.
  3. Upload the patch files to your server, overwriting the old files.

The upgrade.php script does not need to be run.

vBulletin 4 Customers Not Running 4.1.12 or 4.2:
Please upgrade to vBulletin 4.1.12 PL3 or vBulletin 4.2 PL3. If you do not wish to upgrade at this time, the potential exploit can be addressed by updating Server Settings and Optimization Options using the following steps:

  • Log into your Admin CP.
  • Expand the "Settings" menu in the leftnav.
  • Click on the "Options" link.
  • Select "Server Settings and Optimization Options" from the list and click the "Edit Settings" button.
  • Make sure "Yahoo!" is selected in the "Use Remote YUI" section.
  • Scroll to the bottom of the screen and click the "Save" button.

This change will set your forum to use the latest YUI file hosted by Yahoo!. The potential exploit vector will be closed once you've performed this change. It is strongly recommended that you do so immediately.

As with all security-based releases, we recommend that all affected customers upgrade as soon as possible.

Advanced Users:
Files updated in vBulletin 4.1.12 PL3 and 4.2 PL3.

  • clienstcript/yui/uploader/assets/uploader.swf
  • includes/version_vbulletin.php

Please note that this list does not contain the files changed in any previous patches for these versions. Only the files changed in vBulletin 4.1.12 PL3 and 4.2 PL3 are listed.

Yahoo!'s announcement regarding the potential YUI exploit can be found - HERE

Licensed customers can discuss the security patch - HERE

Instructions on how to patch your vBulletin 4.1.12 or 4.2 site can be found - HERE
 

Facebook Comments

Similar threads
Thread starter Title Forum Replies Date
Admin Color in the forum link vBulletin Add-ons 0
Admin [DGT] vBulletin.Forum.v4.2.2.incl.KeyGen.PHP.NULL-DGT Vbb released 0
Admin [DGT] vBulletin.Forum.v4.2.2.PHP.NULL-DGT Vbb released 3
Admin vBulletin Forum 4.2.2 [ NULLED G3 | DNU & MC KEY | VBWAREZ ] Vbb released 2
Admin Potential Forum Runner XSS Exploit (vBulletin 4.1.12, vBulletin 4.2+) Bảo mật 0
Admin Dailymotion Publisher Kit in vBulletin – Make Money From Your Forum Vbb tutorial 0
Admin [vbb4vn] vBulletin Forum v4.2.1 Vbb released 0
Admin [DGT] vBulletin Forum v4.2.1 Vbb released 0
Admin Spice Up Your vBulletin Forum with Google CSS3 Web Fonts Vbulletin 0
Admin vt.Lai VBB Unique Link 1.1 - Loại bỏ tham số ?p=*** trên url forum vBulletin Add-ons 1
Admin vBulletin.Forum.v4.2.0.Patch.Level.3.incl.KeyGen.P HP.NULL-DGT Vbb released 4
Admin Announcing Forum Runner - vBulletin Android/iPhone/iPad App Add-ons 0
Admin vBulletin.Forum.v4.2.0.Patch.Level.3.PHP.NULL-FS Vbb released 0
S vBulletin Skin vnForce.com (Skin forum games) Style vbb 0
Admin [DGT] vBulletin Forum v4.2.0 Patch Level 2 incl KeyGen PHP NULL DGT Vbb released 0
Admin [vbb4vn] vBulletin Forum v4.2.0 Patch Level 2 Security Patch Vbb released 0
Admin [vbb4vn] vBulletin Forum v4.2.0 Patch Level 2 Security Patch Vbb released 0
Admin vBulletin.Forum.v4.2.0.Patch.Level.1.PATCH.ONLY.PH P.NULL-FS Vbb released 0
Admin vBulletin.Forum.v4.1.9.Patch.Level.4.PATCH.ONLY.PH P.NULL-FS Vbb released 0
Admin vBulletin.Forum.v4.1.10.Patch.Level.3.PATCH.ONLY.P HP.NULL-FS Vbb released 0
Admin vBulletin.Forum.v4.1.11.Patch.Level.3.PATCH.ONLY.P HP.NULL-FS Vbb released 0
Admin vBulletin.Forum.v4.1.12.Patch.Level.2.PATCH.ONLY.P HP.NULL-FS Vbb released 0
Admin [FS] vBulletin Forum v4.2.0 Vbb released 0
Admin [vbb4vn] vBulletin Forum v4.2.0 Null Vbulletin 0
Admin vBulletin Forum v4.1.11 Patch Level 1 PHP NULL-DGT Vbb released 0
Mr.khang Nhờ người làm dùm cái forum vbulletin Vbulletin 7
Admin [Share] vBulletin forum v4.1.11 alpha 2 Vbb released 8
Admin [Vbulletin 4.x] Last X threads in forumhome forum specific forums Vbulletin 0
zing4u.org vBulletin.com Forum upgraded to vBulletin4.1.11 FULL (DOWNLOAD AVAILABLE) Vbulletin 2
L Xin xin các pro giúp vBulletin Vbulletin 3
Admin Change the height of the cke text editor vBulletin Vbulletin 0
Admin Social Media vBulletin 5 Add-ons 0
Admin Ratings-Feedback vBulletin 5x Add-ons 0
Admin DRC - Live Previews vBulletin 3.8.x Add-ons 0
Admin Yilmaz - Postbit Background Usergroups vBulletin 5.x Add-ons 0
Admin Yilmaz - Back to Top vBulletin 5.x Add-ons 0
Admin JB: hCaptcha Human Verification vBulletin 4.x,x Add-ons 0
Admin DRC - reCAPTCHA v3 vBulletin 3.x Add-ons 0
Admin vBulletin 5.6.4 is now available for Download Vbulletin 0
Admin Yilmaz - Easy Postbit User Information Settings vBulletin 3.8.x Add-ons 0
V Share vBulletin Connect 5.6.2 pl1 Nulled 5.6.2 pl1 Vbb released 0
Admin vBulletin Connect 5.6.3 is now available for download. Vbulletin 13
Admin ProjectvB4 - Alpha vBulletin 4.2.x Add-ons 0
Admin vBulletin Connect 5.5.4 nulled by tuoitreit.vn Add-ons 2
Admin eBay Search function - code updated vBulletin Add-ons 0
Admin vBulletin Connect 5.5.3 nulled by tuoitreit.vn Add-ons 0
Admin Peel Away - Advertising vBulletin 5.4.x Add-ons 0
Admin Cloudflare Registration Tools vBulletin 4.2.5 Add-ons 0
Admin vBulletin 4.2.5 Green Style Add-ons 0
Admin All 31 skins from SultanTheme.com - for FREE and it's REAL for vBulletin 4.2.2 Add-ons 0

Similar threads

New posts New threads New resources

Top