www.my10sen.com

A new vulnerability in Yahoo’s instant messenger program can potentially cause unwanted code to run on a PC, according to security researchers and was later confirmed with Yahoo security officials. So far, no exploit code has been published.

The vulnerability affects Yahoo Messenger Version 8.1.0.413. It is triggered when a user accepts an invitation to use their Web camera. The type of vulnerability is called a heap overflow, where a piece of code can be executed with improper permissions, which can allow for further malicious behavior such as downloading other code.


McAfee is advising that people reject Web camera invitations until Yahoo issues a patch. Users can also block outgoing traffic on TCP Port 5100 which is affiliated with program’s operation