I have been aware of the latest Yahoo! Jukebox and until recently Messenger exploits for about a week. Starting on the 3rd of February, three critical vulnerabilities were posted for datagrid.dll and mediagrid.dll which are part of the Yahoo! Jukebox offering (http://www.securityfocus.com/bid/27578, http://www.securityfocus.com/bid/27579, http://www.securityfocus.com/bid/27590). The reason that I waited so long to post this is because the details were inconsistent and it didn’t add up to me. The versions of Messenger that were listed as vulnerable are absolutely ancient with the most recent being version 5.x. I tried to find similar DLLs on my system (I have 9.0 beta) but they were simply not present even with the Yahoo! music plug-in. This leads me to believe that this exploit is a non-issue and doesn’t really deserve any attention besides possible research material.

As of the 7th of February the postings from SecurityFocus have been changed to reflect that only Yahoo! Music Jukebox 2.2 is affected. What appeared to be a great exploit for Messenger