Just when Yahoo thought they'd fixed up
their messenger, new exploits surface
. Today, both AOL Instant Messenger and Yahoo Instant Messenger had vulnerabilities disclosed for them from third party sources.
The exploit on the AIM side isn't terribly severe, at least according to Secunia
, whom is rating the AIM exploit as “Less Critical”. It can be exploited if you accept anonymous messages, so disable those if you are concerned about the issue.
For Yahoo, it's a bit bigger of an issue. This is not good news for YIM, which is now dealing with the third severe hole found in the past three months. Example code is linked which can demonstrate the vulnerability, and it could easily lead to a machine being compromised.