Zero-day exploit codes targeting Yahoo and AOL instant-messenger services could put frequent IM users at risk to new attacks.
A non-vendor disclosed vulnerability within Yahoo Messenger has been exploited by two different code releases Wednesday. This is the third security glitch for Yahoo Messenger in as many months. There is no workaround or patch available yet for these exploits.
A second non-vendor disclosed vulnerability in AOL Instant Messenger targets how users are notified of new IMs. Security vendor Secunia recommends that current AIM users disable that option until a patch is available.
ZDNet blogger Ryan Naraine has more information and links to the exploit codes.