14 DAY TRIAL // The famous instant messaging client Yahoo Messenger is affected by highly critical vulnerabilities that might permit the attackers to obtain remote control on an affected system. The flaws were reported by eEye Digital Security, a security company that refused to offer more details until the parent company firm Yahoo manages to fix all of them. "Multiple flaws exist within Yahoo! Messenger which allow for remote execution of arbitrary code with minimal user interaction," it is mentioned in the security notification.
"It's the classic bug. Instead of targeting your network or perimeter, it can target your desktop or client applications. Most companies are heavily dependent on perimeter security, but this is a case where network firewalls and intrusion prevention won't be enough," said Marc Maiffret, eEye founder and chief technology officer, according to CNET News. "We recently learned of a buffer overflow security issue in an ActiveX control. This control is part of the code for webcam image upload and viewing. Upon learning of this issue, we began working towards a resolution and expect to have a fix shortly," said Terrell Karlsten, a Yahoo spokesman, according to the same source.
This is not the first time when Yahoo Messenger is affected by more or less critical vulnerabilities. Some time ago, the instant messaging client was brought in the spotlights because it was discovered that several flaws could harm the users' computers and invite attackers to view private date. However, the Sunnyvale company moved fast enough to fix the flaws and avoid successful exploitations.
Yahoo Messenger is more than a simple instant messaging client and this is proved especially by advanced features such as video conference, file transfer, emoticons, audibles, VoIP and the interoperability with Yahoo 360, the giant portal's blog service. If you want to download the latest version of Yahoo Messenger, you can take it straight from Softpedia.