14 DAY TRIAL // Yahoo Messenger's vulnerabilities are affecting the application continuously as more and more reports lead to security flaw discovered in the Sunnyvale company's tool. The bad thing about it is that we're all vulnerable to attacks as long as the parent firm doesn't patch the holes. But there's also a good thing: as long as the security companies report the flaws, the creators of the application can fix it quicker and we stay informed in order to avoid the successful exploitation of the holes. Today's reports show us a new vulnerability in Yahoo Messenger 8.1 that might allow an attacker to crash the program and obtain access on an affected system.
The folks from SecurityFocus first published the advisory on August 15, 2007 but today, they updated it as there was no solution for the flaw. Under the "Yahoo! Messenger KDU_V32M.DLL Remote Denial Of Service Vulnerability" title, SecurityFocus writes that "Yahoo! Messenger is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. This issue affects Yahoo! Messenger 8.1.0; other versions may also be affected."
There is no solution available at this time but the security company didn't report any successful exploitation of the flaw. However, we're still waiting for an official advisory signed by the Sunnyvale company in order to find out if we're really vulnerable to attacks.
A few weeks ago, Yahoo Messenger was involved in another flaw as the security companies discovered a problem in the webcam support offered by the instant messaging client. After several days, the parent company confirmed the vulnerability and rolled out a new version of Yahoo Messenger that contains the patch to fix the flaw.
If you want to download the latest version of Yahoo Messenger, it is also published on Softpedia.