.
Madrid, December 5 2003 - Yahoo! has reported(*) that a vulnerability has
been detected in Yahoo's instant messaging client that could be exploited
remotely to run arbitrary code and take control of the affected system.
This problem stems from a buffer overflow in the "yauto.dll" library,
through the "Open()" function. An attacker could construct a web page that
sends an overlong argument to the function to provoke a buffer overflow on
the system.
According to Yahoo!, the problem only affects Yahoo! Messenger users who
have modified the configuration of Internet Explorer, switching the default
medium security settings to low.
(*) Yahoo! has published -at
http://messenger.yahoo.com/security/update4.html - a web page with
information about this vulnerability. This page also includes an automatic
checker -to test if the system is vulnerable- and has the patch to resolve
the problem.

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic