Exploit Code Out For Yahoo IM Flaws

UPDATE: Yahoo has posted a fix for the security flaws with the release of Yahoo Messenger 8.1.0.401 Code for two exploits in Yahoo Messenger first disclosed earlier this week by security firm eEye appeared on the Full Disclosure mailing list on Thursday. At the current time, the only fix is to set the 'kill bits' in the ActiveX controls responsible for the vulnerabilities, although it requires a system registry edit.

The first set of code takes advantage of buffer overflow issues within the Webcam ActiveX component, while the other causes a buffer overflow in the ywcvwr.dll viewer. The issues affect both Yahoo Messenger 8.0 and 8.1 running on Windows.