Yahoo answers IM security flaw.

December 08, CNET News.com

Yahoo has issued an update to its instant-messaging software to address a security flaw found in the application. The company said the security issue was related to a buffer overflow, which is a common security vulnerability in computer programs written in C and C++ that allows more information to be added to a chunk of memory than it was designed to hold. Typical problems involved in an instant-messaging-related buffer overflow might include an involuntary log-out of an IM session, a crash of browsing software applications, and a possible introduction of executable code. According to Yahoo, only a small percentage of the company's IM software users might be vulnerable as a result of the flaw. Yahoo said customers who changed their Explorer security settings from "medium" to "low" could be affected. The company said that even in that case, an attacker would have to lure a user of Yahoo IM to view malicious HTML code. Most often this would entail clicking a link sent through IM that leads back to a Web page hosting the code. Before changing an IE security setting to low, individuals are warned by the browser that the setting is considered "highly unsafe." Yahoo said it has not yet heard of any successful attacks based on the buffer flaw.

The update is available on the Yahoo Website: http://messenger.yahoo.com/messenger/security/

Source: http://news.zdnet.co.uk/communications/0,39020336,39118352,0 0.htm