Eight days after the release of exploit code for code execution holes in the Yahoo Messenger IM client, Yahoo has shipped a new version with patches for its Windows user base.
The latest security makeover, which is being distributed via the software's auto-update mechanism, covers two separate vulnerabilities that can be triggered when an attacker tricks the target into accepting a webcam invitation.
Yahoo confirmed in an alert that the flaws could open doors to remote code execution attacks.
Some impacts of a buffer overflow might include the introduction of executable code, being involuntarily logged out of a Chat and/or Instant Messaging session, and the crash of an application such as Yahoo! Messenger. For this specific security issue, these impacts could only be possible if an attacker is successful in prompting the Messenger user to accept a webcam invitation.
This is the second major security makeover for Yahoo Messenger this year.