back in october there was an exploit that came out for Yahoo and i warned folks here about it. At that time i was told it was nothing to worry about because yahoo IM auto updates...not this time:

°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤°º¤ø,¸¸,ø¤º°°°º¤º°`°º¤ø


"I already contacted Yahoo couple days ago...
.......After reading your email, I removed my YIM and downloaded the new one
from their
website and you are right; the newest version 5.6.0.1358 is not vulnerable.
However,
there is NO WAY to upgrade from 5.6.0.xxxx to 5.6.0.1358 except you
reinstall
YIM; and of course Yahoo doesn't tell anybody about it either.

If you go to http://messenger.yahoo.com/messenger/security/ you will see
there is
no update for this vulnerability. Again, the only way to patch it is
reinstall YIM

°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤°º¤ø,¸¸,ø¤º°°°º¤º°`°º¤ø

read about it:

http://www.packetstormsecurity.org/0...es/yahooIM.txt