The instant messaging client is vulnerable to attacks

Jan 31, 2007 07:43 GMT  ·  By

Yahoo Messenger is one of the most popular instant messaging clients and lets you communicate with your friends or other users through the powerful features the company has built into it. As you probably know, Yahoo Messenger is not a simple chat client: it also offers webcam, VoIP, file transfer, emoticons and even audibles, animated images with sound that can be sent between two users.

Yahoo's application has been updated several times, but I guess the most important improvement is the interoperability with Windows Live Messenger, a similar chat client developed by Microsoft that is now an important part of the Windows Vista operating system.

Because Yahoo Messenger is so popular, you should know that security company Secunia has identified a security flaw that can allow an attacker to take control of a potentially affected system. The security firm rated the vulnerability as "less critical", and version 8.1.0.209 seems to be the only affected edition of the program.

"Input passed to the 'First Name', 'Last Name', and 'Nickname' fields in the 'Contact Details' option is not properly sanitized when displaying status notification messages to the user in a chat box. This can e.g. be exploited to execute a limited amount of arbitrary script code in the Local Zone (My Computer) context by inputting specially crafted image tags in the aforementioned fields, tricking a target user into adding the attacker to the messenger list, sending a message to the target user, and then changing the status e.g. from 'Available' to 'Invisible To Everyone'," Secunia described the issue.
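The root cause Secunia describes is a display name taken from the contact-detail fields and dropped straight into the HTML of a status notification. The following is an added illustration, not Yahoo's or Secunia's code: a constructed contact record whose first name carries an image tag, a vulnerable renderer that concatenates the fields into markup, and a hardened renderer that escapes them first. The function and field names are assumptions chosen for the example.

```javascript
// Added example; the contact fields, status strings and function names are assumed.
// Minimal HTML escaper for text that lands inside element content or an attribute.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Constructed contact record: the "First Name" field contains markup, which is the
// kind of input the advisory says was not sanitized (no script payload is included here).
const contact = {
  firstName: 'Alice <img src="x">',
  lastName: "Smith",
  nickname: "ali",
};

// Vulnerable pattern: user-controlled fields concatenated directly into the
// notification markup, so any tag in a name is rendered by the chat box.
function renderStatusUnsafe(c, oldStatus, newStatus) {
  return (
    `<div class="status">${c.firstName} ${c.lastName} (${c.nickname}) ` +
    `changed status from ${oldStatus} to ${newStatus}</div>`
  );
}

// Hardened pattern: every attacker-controlled field is escaped before it is
// placed into markup, so a tag in a name is shown as literal text.
function renderStatusSafe(c, oldStatus, newStatus) {
  const name = `${escapeHtml(c.firstName)} ${escapeHtml(c.lastName)} (${escapeHtml(c.nickname)})`;
  return (
    `<div class="status">${name} changed status from ` +
    `${escapeHtml(oldStatus)} to ${escapeHtml(newStatus)}</div>`
  );
}

// Defender-side check: the template emits exactly one <div>, so any other tag in the
// output means a contact field has leaked markup into the notification.
function hasInjectedTag(html) {
  const tags = html.match(/<\/?[a-z][^>]*>/gi) || [];
  return tags.some((t) => !/^<\/?div\b/i.test(t));
}

const unsafeHtml = renderStatusUnsafe(contact, "Available", "Invisible To Everyone");
const safeHtml = renderStatusSafe(contact, "Available", "Invisible To Everyone");
console.log("unsafe leaks a tag:", hasInjectedTag(unsafeHtml)); // true
console.log("safe leaks a tag:", hasInjectedTag(safeHtml));     // false
```

Escaping at render time is the fix that works regardless of which field the markup arrives in; rejecting angle brackets when a contact record is saved is a useful second layer but does not protect against records that are already stored.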

It looks like the vulnerability can only be exploited once the attacker has been added to the potential victim's contact list, so the most sensible workaround for this security flaw is to add only trusted users to your Yahoo Messenger contact list.

Yahoo Messenger was also tested by Softpedia and is available as a free download.