CNET is reporting that a new Yahoo! Messenger Exploit has been found. The story (http://news.com.com/2100-1002_3-6144110.html?part=rss&tag=2547-1_3-0-5&subj=news) states that all versions prior to November 2, 2006 are affected and by downloading the latest version (8.1) you will be protected. The bug was apparently first reported to Secunia (http://secunia.com/advisories/23401/). No details or exploit code has been published.

No my question, which ActiveX control does this affect and does anyone of the juicy detail of this one? Additional links can be found at http://news.zdnet.com/2100-1009_22-6144110.html and http://messenger.yahoo.com/security_update.php?id=120806.

A little bit more has come out of this exploit. SecurityFocus has picked up on it at http://www.securityfocus.com/bid/21607/info and US-CERT has a better description at http://www.kb.cert.org/vuls/id/901852.