A flaw in Yahoo Messenger can be exploited to launch attack onto user’s computer. It is due to an integer overflow in „CYImage:LoadJPG()“ method when allocating memory using the image dimensions data. An attacker may exploit the flaw to cause buffer overflow.

A successful attack allows to execute arbitrary code.

Flaw was confirmed in version 11.5.0.152. Users should upgrade to version 11.5.0.155.

Source: Secunia
13.01.2012