Zero Day Vulnerability Plagues Recently Released Yahoo! Messenger 11.5

Article by George Norman (Cybersecurity Editor)

on 05 Dec 2011

The good news, as we reported a few days ago, is that Yahoo! released a new version of its instant messaging application, namely Yahoo! Messenger 11.5. It comes with a handful of nice new features that we’ll go into later on.

The bad news is that the recently released Yahoo! Messenger 11.5, and all other 11.X versions, are plagued by a zero day vulnerability. Someone with malicious intent who exploits that vulnerability could change your status message without your consent or knowledge, and the new status message could link to a malware-spreading site.

BitDefender explains how it all works:
“The status message change occurs when an attacker simulates sending a file to a user. This action manipulates the $InlineAction parameter (responsible for the way the Messenger form displays the accept or deny the transfer) in order to load an iFrame which, when loaded, swaps the status message for the attacker's custom text. This status may also include a dubious link. This iFrame is sent as a regular message and comes from another Yahoo Instant Messenger user, even if the user is not in the victim’s contact list.”

BitDefender added that any user who receives messages from contacts outside of their lists is 100% vulnerable. To protect yourself against this vulnerability, set Yahoo! Messenger to accept messages only from people on your contacts list: in Yahoo! Messenger, click Messenger -> Preferences -> Ignore List -> select Ignore anyone who is not in my Yahoo! Contacts -> Apply -> OK.

That takes care of the bad news; let’s get back to the good news. As I mentioned above, Yahoo! Messenger 11.5 comes with several nice new features:
  • Tabbed IMs – the users asked for a more efficient way to organize and manage their conversations, so the team behind Yahoo! Messenger introduced tabbed IMs. One window, multiple tabs – that’s how you can easily communicate with several people at the same time.
  • Better spam protection – the users don’t like spam and the Yahoo! Messenger team doesn’t like spam either. That is why the latest version of Yahoo! Messenger lets you ignore multiple add requests from strangers with a single click.
  • New social games – there are now more than 70 entertaining games to play.
  • Recent contacts – you don’t talk with all your Yahoo! Messenger friends equally often, do you? There are certain people you talk to more often than others. Yahoo! Messenger 11.5 gives you easy access to recent contacts by showing them at the top of your contact list.
  • Smart archiving – Yahoo! Messenger 11.5 makes it easier than ever to look up a conversation you had with someone by categorizing your chat history. It is categorized by friends and the most recent conversations are always shown first. I remind you that Yahoo! Messenger stores your chat history online, which means that you can access it from anywhere you signed into Yahoo! Messenger.
  • Snap and share – take a screenshot and share it with friends.
  • Emoticons – you can easily access all the emoticons, including the ones that used to be hidden. On top of that Yahoo! Messenger 11.5 remembers the emoticons you use most often.
  • Romanian language support – this one is pretty simple to explain: Romanian users can now enjoy Yahoo! Messenger 11.5 in their native language. There are millions of Romanian Yahoo! Messenger users, so this should make them happy.

You can get Yahoo! Messenger 11.5 straight from Yahoo! here.


