14 DAY TRIAL // Yahoo Messenger is surely the most popular instant messaging client on the Internet with millions of users all over the world. As I recently said, the Yahoo Messenger users are now contributing to the number of the Yahoo Mail clients because the accounts are also compatible with the mail service. Although it is so popular, it doesn't necessarily mean that Yahoo Messenger is safe and secure. The best example is represented by a security advisory published by Secunia that discovered a highly critical flaw in the instant messaging client. According to the company, an attacker can exploit the flaw and create a remote connection to be able to control the entire system.
"The vulnerability is caused due to a boundary error within the AudioConf ActiveX control (yacscom.dll) component of Yahoo! Messenger. This can be exploited to cause a stack-based buffer overflow by setting the "socksHostname" and "hostName" properties to an overly large string and then calling the "createAndJoinConference()" method," Secunia sustained in the security advisory.
The security flaw was discovered in Yahoo Messenger 5.x, 6.x, 7.x and 8.x and can be exploited when a user visits a malicious site containing an infected script able to compromise the system. Secunia rated the flaw as highly critical and sustained the only solution is to update to the latest version of the application, available on Softpedia.
This is not the first time when Yahoo Messenger is affected by security flaws that make users' computers vulnerable to attacks because the instant messaging client is continuously scanned for potential vulnerabilities. Although it is under attacks, Yahoo Messenger remains the most popular chat client on the Internet, providing more than simple communication features such as webcam, file transfer, conference, audibles and even photo sharing.