14 DAY TRIAL // Yahoo Widgets is an attractive platform powered by the Sunnyvale company that provides tiny and eye-candy utilities able to bring some simple functions straight on your desktop. The product is quite popular and, because you might be one of the users, you must know that Yahoo Widgets must be updated as soon as possible to keep your computer secure. Why, you'll ask? Because the owner Yahoo discovered a highly critical security flaw that can allow an attacker to obtain unauthorized access to the system. Security company Secunia said the 4.0.3 build 178 version of the program is surely affected by the flaw but older releases might be also vulnerable to attacks.
"The vulnerability is caused due to a boundary error within the YDPCTL.YDPControl.1 (YDPCTL.dll) ActiveX control when handling the "GetComponentVersion()" method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string (greater than 512 bytes) to the affected method," Secunia wrote about the security flaw.
"Some impacts of a buffer overflow might include the introduction of executable code and the crash of an application such as Internet Explorer. For this specific security issue, these impacts could only be possible if an attacker is successful in prompting someone to view malicious HTML code, most likely executed by getting a person to visit their web page," Yahoo also described the flaw.
According to the Sunnyvale company, only the Windows version is affected by the flaw so, if you're a Mac user, you can still safely use the application.
At this time, the parent company Yahoo encourages users to download the latest versions of Widgets by displaying a notification when running the program, informing them about the availability of a new version. If you want to download the latest release of the Yahoo Widgets platform, you can take it straight from Softpedia.