Yahoo Fixes Messenger Flaw

The bug is caused by a flawed Yahoo Messenger ActiveX control that could be used by attackers to crash a chat session, bring down the Internet Explorer browser, or execute malicious code on a victimized PC.

Gregg Keizer, Contributor

December 15, 2006


Yahoo has patched a critical vulnerability in its Windows instant messaging client and has recommended that all users download and install an updated edition.

The bug, characterized as highly critical by Danish vulnerability tracker Secunia, is caused by a flawed Yahoo Messenger ActiveX control that could be used by attackers to crash a chat session, bring down the Internet Explorer browser, or execute malicious code on a victimized PC.

Yahoo downplayed the threat. "These impacts could only be possible if an attacker is successful in prompting someone to view malicious HTML code, most likely executed by getting a person to visit their Web page," the portal and search company said in an online alert. "To our knowledge, there have been no known executable code exploits related to this issue."

All users who downloaded Yahoo Messenger prior to Nov. 2 should install the v. 8.1 update, Yahoo said. Affected users will be prompted to upgrade when they next log into Messenger.
