See also the blog entry by Yahoo! at http://blog.messenger.yahoo.com/blog/2007/06/08/security-update/
For users who want the offline installer, they can download it at http://download.yahoo.com/ycs/msg/dl/msgr8/us/ymsgr810_401_us.exe (direct download)
Users of Yahoo's Messenger Instant Messaging need to move to the latest version as quickly as possible. Two serious seriousy vulnerabilities have surfaced that are now being exploited in-the-wild
Yahoo repaired these deficiencies within hours and the first link below provides the site for downloading the more secure version.
Solution -- Update to the latest version:
Yahoo Messenger exploits seen in the wild
Two Yahoo Messenger vulnerabilities (with PoCs)
Yahoo Messenger - Overview of Vulnerabilities
QUOTE: Two vulnerabilities in Yahoo Messenger can be exploited by malicious people to compromise a user's system.
1) A boundary error within the Yahoo! Webcam Upload (ywcupl.dll) ActiveX control can be exploited to cause a stack-based buffer overflow by assigning an overly long string to the "Server" property and then calling the "Send()" method.
2) A boundary error within the Yahoo! Webcam Viewer (ywcvwr.dll) ActiveX control can be exploited to cause a stack-based buffer overflow by assigning an overly long string to the "Server" property and then calling the "Receive()" method.
Successful exploitation of the vulnerabilities allows execution of arbitrary code. The vulnerabilities are confirmed in version 184.108.40.206. Other versions may also be affected.