A new vulnerability in Yahoo Messenger has been uncovered in the web chat component of the instant messaging application.
A memory error known as a 'heap overflow' can be triggered when a user accepts a specially crafted web chat invitation from the attacker, according to security firm McAfee.
It is not yet known whether an attacker would then be able to remotely execute code or cause a denial of service.
"Once the condition is induced, it depends on what your exploit code can do, " Dave Marcus, senior security strategist at McAfee, told vnunet.com.
McAfee said that the vulnerability was first spotted on a Chinese-language security board. The company then tested and verified the code, and passed it on to Yahoo.
Yahoo has yet to verify the flaw as a zero-day vulnerability, but McAfee said that it is definitely not related to the ActiveX flaw reported in June.
Marcus noted that no exploit code has yet been written to take advantage of the vulnerability, and there are no reports of the vulnerability being targeted by active attacks.
McAfee recommends Yahoo Messenger users to avoid accepting web chat invitations from unknown sources, regardless of whether they have a webcam installed or not.
No other applications are believed to be affected by the vulnerability.
Some parts of Atacama have not received rainfall for 500 years - but a sudden deluge of water upset the Desert's delicate biological balance
Spitzer Space Telescope could not spot Oumuamua, suggesting that it is actually pretty small
Greenland crater one of the 25 largest impact craters on Earth
This long-sought progenitor star was identified in an image captured by Hubble in 2007