I have been aware of the latest Yahoo! Jukebox and until recently Messenger exploits for about a week. Starting on the 3rd of February, three critical vulnerabilities were posted for datagrid.dll and mediagrid.dll which are part of the Yahoo! Jukebox offering (http://www.securityfocus.com/bid/27578, http://www.securityfocus.com/bid/27579, http://www.securityfocus.com/bid/27590). The reason that I waited so long to post this is because the details were inconsistent and it didn’t add up to me. The versions of Messenger that were listed as vulnerable are absolutely ancient with the most recent being version 5.x. I tried to find similar DLLs on my system (I have 9.0 beta) but they were simply not present even with the Yahoo! music plug-in. This leads me to believe that this exploit is a non-issue and doesn’t really deserve any attention besides possible research material.

As of the 7th of February the postings from SecurityFocus have been changed to reflect that only Yahoo! Music Jukebox 2.2 is affected. What appeared to be a great exploit for Messenger has become nothing.

Except, maybe, for people still having this old version of Messenger ?
Here is an opportunity to verify that : do people around here still have old machines connected to the internet ? Do you have these files on your machines ?
Personnally, I recommend using old machines (obviously sold with old Windows versions) without any important data as surfing machines, leaving their important machines off the Internet. So, such old machines will probably have this exploit.

Perhaps but Yahoo! issues mandatory updates to critical exploits. You usually have to try fairly hard not to get the update once Yahoo! has issued one.