Security makeover for Yahoo Messenger
The latest security makeover, which is being distributed via the software's auto-update mechanism, covers two separate vulnerabilities that can be triggered when an attacker tricks the target into accepting a webcam invitation.
[ SEE: Beware of strange Yahoo Messenger webcam invites ]
Yahoo confirmed in an alert that the flaws could open doors to remote code execution attacks.
Some impacts of a buffer overflow might include the introduction of executable code, being involuntarily logged out of a Chat and/or Instant Messaging session, and the crash of an application such as Yahoo! Messenger. For this specific security issue, these impacts could only be possible if an attacker is successful in prompting the Messenger user to accept a webcam invitation.
This is the second major security makeover for Yahoo Messenger this year.