Yahoo is working on a patch for critical Yahoo Messenger vulnerabilities that could enable a remote hacker to take control of a user's system. eEye Digital Security's researchers found the bugs within the last few weeks and reported them to Yahoo on Wednesday, according to Marc Maiffret, co-founder and CTO of the security company. eEye's researchers say there actually are multiple flaws in Version 8 of Yahoo's instant messenger client software. Maiffret was careful not to give out too much information about the flaw until Yahoo can issue a patch for it.
"We recently learned of a buffer overflow security issue in an ActiveX control. This control is part of the code for Web cam image upload and viewing. Upon learning of this issue, we began working towards a resolution and expect to have a fix shortly. This type of flaw is not going to be prevented by anti-virus. There's no real protection for this type of flaw," said Yahoo spokeswoman Terrell Karlsten. For the vulnerability to cause a problem, however, the user needs to take some kind of action.
News source: InformationWeek