Yahoo issues IM, security patches

Yahoo has issued security patches for its Yahoo Instant Messenger and Yahoo Chat clients in an effort to fix a buffer overflow vulnerability discovered in the software.

When users of the software log on to the IM network or enter a chat room, Yahoo is prompting them to install the patches. In addition, the company posted the patches on its Web site.

A buffer overflow is a common security vulnerability in computer programs written in C and C++, in which more information can be written to a chunk of memory than it was designed to hold.

Buffer overflow attacks in Yahoo IM and Yahoo Chat could lead to a number of problems, according to a Yahoo representative. For example, people could be involuntarily logged out of an application. More seriously, an overflow could allow the introduction of executable code, letting a malicious programmer take control of a user's machine, delete files and otherwise wreak havoc with a victim's computer system.

Such an attack could only happen if a victim were persuaded to view malicious HTML code, for example, by clicking on a link sent through IM that leads back to a Web page hosting the code. Yahoo said it was not aware of any IM or chat users compromised in this way.

A company representative said Yahoo was informed of the vulnerability by a member of the security community. Yahoo on Friday forwarded details of the vulnerabilities and their fixes to the Bugtraq security mailing list and Carnegie Mellon's CERT (Computer Emergency Response Team) security coordination center.

Talkback 1 comments

    Anonymous -- 21/07/03

    Well done, someone is actually doing something about the "booting" in Yahoo chat. I modified Messenger so as not to allow this kind of intrusion and all has been fine (over 1 yr on Messenger), but I can't help but think of everyone who gets these buffer overflows, hard drive intrusions, log-offs, personal account details such as user password changes, etc.
    A lot of people report these matters to Yahoo, as Yahoo themselves, in the terms of service, request that they be contacted with any abuse or misuse of the service. Yahoo do know full well what is happening within their messenger, especially with regards to people's user passwords being changed, which means they need to end all of these "boot" programmes and the like, for surely it is an abuse of their messenger system and privacy act, an abuse of the internet communications, and most certainly falls in the "hacking" area due to the means of altering, copying, deletion of files, virus implementation and other executable files.
    So if I can help in any way, I will be there all the way, wholehearted. Mighty pleased to see this site again, great work.
