Yahoo Inc. released an updated version of it Messenger instant messaging client today, in response to a discovered pair of security vulnerabilities that could allow an attacker to gain remote control of a user’s pc running the software. The bugs were found in the Messengers webcam ActiveX controls, which become installed and exploitable when the user views or streams webcam video content through Messenger. An attacker can then take advantage of the flawed ActiveX controls to compromise the user’s system when they unknowingly execute malicious code on the attackers website.
“For this specific security issue, these impacts could only be possible if an attacker is successful in prompting someone to view malicious HTML code, most likely executed by getting a person to visit their web page”, Yahoo stated in a security advisory on the matter. eEye Digital Security Inc., a third-party digital security research organization informed Yahoo about the flaws who then patched Messenger a day later. “Over the next several weeks, users worldwide will be prompted to update to a new version of Yahoo! Messenger upon signing into the service,” Yahoo announced on its messenger website. “If you choose not to update, the vulnerability will still exist.” You can download the latest version of Yahoo! Messenger from http://messenger.yahoo.com/download.php.