14 DAY TRIAL // Yahoo Messenger is surely the most popular instant messenger client on the Internet with millions of users that are using the application every day. The latest version of Yahoo Messenger is now 8.1.0.209, containing powerful features that are meant to improve the chat experience.
Security software Secunia reported a vulnerability in Yahoo Messenger that can allow attackers to control a vulnerable system. Secunia rated the flaw as highly critical saying that vulnerable users must update the application to the latest version.
"The vulnerability is caused due to an unspecified error in an ActiveX control and can be exploited to cause a buffer overflow. No further information is currently available. The vulnerability is reported in versions obtained prior to Nov 2, 2006," Secunia said.
Yahoo also identified the security issue and confirmed the solution provided by Secunia, saying that you must update to the latest version of Yahoo Messenger because the flaw is really critical. The company recommends updating the program via the update functions included in the software solution because choosing not to update will keep your computer vulnerable to attacks.
"Some impacts of a buffer overflow might include being involuntarily logged out of a Chat and/or Messenger session, the crash of an application such as Internet Explorer, and in some instances, the introduction of executable code. For this specific issue, these impacts could only be possible if an attacker is successful in prompting someone to view malicious HTML code, most likely executed by getting a person to visit their web page. To our knowledge, there have been no known executable code exploits related to this issue," Yahoo said.
Yahoo Messenger was also tested by Softpedia and it is available as a free download HERE.