back in october there was an exploit that came out for Yahoo and i warned folks here about it. At that time i was told it was nothing to worry about because yahoo IM auto updates...not this time:
°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤°º¤ø,¸¸,ø¤º°°°º¤º°`°º¤ø
"I already contacted Yahoo couple days ago...
.......After reading your email, I removed my YIM and downloaded the new one
from their
website and you are right; the newest version 5.6.0.1358 is not vulnerable.
However,
there is NO WAY to upgrade from 5.6.0.xxxx to 5.6.0.1358 except you
reinstall
YIM; and of course Yahoo doesn't tell anybody about it either.
If you go to http://messenger.yahoo.com/messenger/security/ you will see
there is
no update for this vulnerability. Again, the only way to patch it is
reinstall YIM
°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤°º¤ø,¸¸,ø¤º°°°º¤º°`°º¤ø
read about it:
http://www.packetstormsecurity.org/0...es/yahooIM.txt