A
vulnerability has been identified in Yahoo! Messenger, which could be
exploited by attackers to take complete control of an affected system.
This flaw is due to a buffer overflow error in the "YMMAPI.YMailAttach"
(ymmapi.dll) ActiveX control when handling malformed arguments passed
to certain methods, which could be exploited by remote attackers to
execute arbitrary commands by tricking a user into visiting a specially
crafted web page.
Affected Products
Yahoo! Messenger versions 8.x and prior
Solution
Upgrade to the latest version :
http://messenger.yahoo.com/download.php