An attacker can exploit the vulnerability to execute arbitrary code onto an affected PC, causing web browsers to crash. To infect a PC, a malicious user would have to convince a victim - most likely by using social engineering - to view a specially crafted HTML email message or attachment, according to US-CERT.
Yahoo urged users who have a Windows version of Messenger obtained before Nov. 2 to update. No exploit code has been released for the flaw, according to a Yahoo advisory.
Messenger users will be prompted to update every time they sign on, according to the Sunnyvale, Calif. web giant.
US-CERT also issued a workaround for the flaw, advising users to disable ActiveX controls in the Internet Zone.
Click here to email Online Editor Frank Washkuch Jr.
_(33).jpg&h=140&w=231&c=1&s=0)
_(37).jpg&h=140&w=231&c=1&s=0)
iTnews Cloud Covered Breakfast Summit
Huntress _declassified Virtual Event
Live & Hands On Demo: Navigating the BMC AMI DevX Platform to Understand Code Faster Using AI
Melbourne Cloud & Datacenter Convention 2026
iTnews Executive Retreat - Data & AI Edition
_(1).jpg&h=140&w=231&c=1&s=0)
