Yahoo Patches Instant Messaging Flaw

Yahoo this week disclosed a security vulnerability in its Messenger software, issuing a patch for those running versions dated before March 13. Yahoo has since released two updates to Messenger, and will begin prompting users to upgrade at sign-in.

The flaw involves Messenger's audio conferencing feature, which makes use of an ActiveX control that contains a buffer overflow. A user must be tricked into viewing malicious HTML, which could come from a Web site or e-mail, Yahoo said. "Some impacts of a buffer overflow might include being involuntarily logged out of a Chat and/or Instant Messaging session, the crash of an application such as Internet Explorer, and in some instances, the introduction of executable code," the company explained.

Comments are closed.

Why Trust Us



At BetaNews.com, we don't just report the news: We live it. Our team of tech-savvy writers is dedicated to bringing you breaking news, in-depth analysis, and trustworthy reviews across the digital landscape.

BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.

© 1998-2025 BetaNews, Inc. All Rights Reserved. About Us - Privacy Policy - Cookie Policy - Sitemap.