Yahoo has released a new version of Messenger, their instant messaging client. Yahoo’s bulletin lists the impact as:
Some impacts of a buffer overflow might include the introduction of executable code, being involuntarily logged out of a Chat and/or Instant Messaging session, and the crash of an application such as Internet Explorer. For this specific security issue, these impacts could only be possible if an attacker is successful in prompting someone to view malicious HTML code, most likely executed by getting a person to visit their web page.
The vulnerability exists in any Windows version of Messenger that was downloaded before June 8th. The vulnerability exists in the Windows version only. Mac, Mobile and Unix versions of Messenger are not affected. To update you need to download and run the full Messenger installation.