Yahoo Messenger users are being urged to upgrade to the latest version after the application was hit by a 'highly critical' vulnerability.
The flaw allows for a buffer overflow attack against an ActiveX control bundled with the installer for the application. An attacker could exploit the vulnerability to take control of a system by luring a user to a specially crafted website.
Yahoo said in a security advisory that it is not aware of any attacks exploiting the flaw.
Danish security vendor Secunia gave the flaw a severity rating of 'highly critical', the fourth on a five step scale.
The flaw affects Yahoo Messenger versions 2005.1.1.4 and above. An update can be downloaded from Yahoo's website.