Yahoo issued on Friday security patches for its Yahoo Instant Messenger and Yahoo Chat clients in an effort to fix a buffer overflow vulnerability discovered in the software.

When users of the software log on to the IM network or enter a chat room, Yahoo is prompting them to install the patches. In addition, the company posted the patches on its Web site.

A buffer overflow is a common security vulnerability in computer programs written in C and C++ that allows more information to be added to a chunk of memory than it was designed to hold.

Buffer overflow attacks in Yahoo IM and Yahoo Chat could lead to a number of problems, according to a Yahoo representative. For example, people could be involuntarily logged out of an application. More seriously, it could allow the introduction of executable code, allowing a malicious programmer to take control of a user's machine, delete files and otherwise wreak havoc with a victim's computer system.

Such an attack could only happen if a victim were persuaded to view malicious HTML code, for example, by clicking on a link sent through IM that leads back to a Web page hosting the code. Yahoo said it was not aware of any IM or chat users compromised in this way.

Full Article:
CNet News