
The 'critical' vulnerabilities in the ActiveX component that controls webcams could allow an attacker to take control of a system by luring users to a specially crafted website or email message.
Researchers took less than 24 hours to create the exploit code after eEye published its advisory. The exploit has since been widely distributed through well known security sources including the Full Disclosure security mailing list.
Yahoo has urged users of the "All New Yahoo Messenger" to update to the latest version of the software. The application will prompt users of the available update when they sign-on.