Yahoo fixes critical Messenger flaw

Posted by Humphrey Cheung

Yahoo has issued a patch for a vulnerability in Yahoo! Messenger that could allow attackers to crash chat sessions and execute code. The vulnerability was rated as "Highly Critical" by the Secunia security website and involved an ActiveX module inside of the popular chat program.

Yahoo said the vulnerability wasn't a big deal because Messenger users had to be tricked into visiting a specially crafted webpage with malicious HTML code. In addition, the company said there were no known exploits in the wild.

Messenger users who installed the program before November 2nd should install the new 8.1 update.