IM flaw allows attackers to take control of a system.
Yahoo Messenger users are being urged to upgrade to the latest version after the application was hit by a 'highly critical' vulnerability.
The flaw allows for a buffer overflow attack against an ActiveX control bundled with the installer for the application. An attacker could exploit the vulnerability to take control of a system by luring a user to a specially crafted website.
Yahoo said in a security advisory that it is not aware of any attacks exploiting the flaw.
Danish security vendor Secunia gave the flaw a severity rating of 'highly critical', the fourth on a five step scale.
The flaw affects Yahoo Messenger versions 2005.1.1.4 and above. An update can be downloaded from Yahoo's website.
Critical bug hits Yahoo Messenger
By Tom Sanders on Dec 19, 2006 9:17AM