Yahoo Messenger users are being urged to upgrade to the latest version after the application was hit by a 'highly critical' vulnerability.
The flaw allows for a buffer overflow attack against an ActiveX control bundled with the installer for the application. An attacker could exploit the vulnerability to take control of a system by luring a user to a specially crafted website.
Yahoo said in a security advisory that it is not aware of any attacks exploiting the flaw.
Danish security vendor Secunia gave the flaw a severity rating of 'highly critical', the fourth on a five step scale.
The flaw affects Yahoo Messenger versions 2005.1.1.4 and above. An update can be downloaded from Yahoo's website.
_(36).jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
_(33).jpg&h=140&w=231&c=1&s=0)
Melbourne Cloud & Datacenter Convention 2026
iTnews Executive Retreat - Data & AI Edition
.png&w=120&c=1&s=0)
iTnews Cloud Covered Breakfast Summit
iTnews State of Security Breakfast
The 2026 iAwards
_(1).jpg&h=140&w=231&c=1&s=0)
