2007-10-29 19:00:00
mitre
PUBLISHED
The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing.