Yahoo has confirmed -- and fixed -- another nasty code execution hole affecting users of its Yahoo Messenger chat client.
The latest flaw comes one week after Yahoo was forced to upgrade the instant messaging tool to correct an unrelated security vulnerability.
A new advisory from Yahoo spells out the risk:
“Some impacts of a buffer overflow might include involuntary log out of a Yahoo! Chat and/or Yahoo! Messenger session, the crash of an application such as Internet Explorer, and in some instances, the introduction of executable code. In this case, these problems could only happen if an attacker successfully lured the Yahoo! Messenger user to view malicious HTML code, most likely by getting a person to visit the attacker’s web page. To our knowledge, there have been no known malicious executable code exploits related to this issue.”
iDefense Labs, the company credited with reporting the bug, has more details.