Yahoo! Messenger Security Update: ActiveX Update
Yahoo! recently identified a security issue, commonly referred to as a buffer overflow in an ActiveX control. This control is part of the Yahoo! services suite typically downloaded with the installer for Yahoo! Messenger.
Some impacts of a buffer overflow might include being involuntarily logged out of a Chat and/or Messenger session, the crash of an application such as Internet Explorer, and in some instances, the introduction of executable code. For this specific issue, these impacts could only be possible if an attacker is successful in prompting someone to view malicious HTML code, most likely executed by getting a person to visit their web page. To our knowledge, there have been no known executable code exploits related to this issue.
Who is affected?
If your computer has installed Yahoo! Messenger before Nov 2nd 2006, you should install the update.
How do I get the Security Update?
You can download the latest version of Yahoo! Messenger from http://messenger.yahoo.com.
Select the typical install option during the install process.
More info at http://messenger.yahoo.com/security_update.php?id=120806