Researchers at eEye Digital Security has found several high-risk code execution holes in the Yahoo Messenger instant messaging program.
eEye has released a bare bones alert to warn Windows users of the remote code execution attack scenario.
Multiple flaws exist within Yahoo! Messenger which allow for remote execution of arbitrary code with minimal user interaction.
As per its disclosure policy, eEye is not releasing any additional details. The flaw, which affects Yahoo Messenger 8.x, has been reported and confirmed by Yahoo.
[UPDATE: June 7, 2007 @ 8:57 PM] Exploit code and technicals details are now public. If you use Yahoo Messenger, be sure to follow the mitigation guidance available.