18 December 2006

Yahoo! ActiveX Vulnerability

A vulnerability has been reported in Yahoo! Messenger versions 5.x, 6.x, 7.x and 8.0.x that can potentially be exploited by malicious people to compromise a user's system.

The vulnerability is caused by an unspecified error in an ActiveX control and can be exploited to cause a buffer overflow.

The vulnerability is reported in versions obtained prior to Nov 2, 2006. Such buffer overflows are commonly used by "booter" programs to crash your Yahoo client.

It is strongly recommended that you update to the latest version of Yahoo! Messenger. Every time you log into an older version, you will automatically be prompted to update.

Security Update - Yahoo! Messenger