Instant messaging application Yahoo! Messenger is in the news again, as it becomes the target of a new proof-of-concept exploit. According to Trend Micro Escalations engineer Edgardo Diaz, the POC intends to prove that a component of the application known as FT60.DLL (version 1.0.0.4) can download a file from the Internet. This function or feature, whether intended or unintended, could be used by other malware as a vector to arrive on a user’s system.
Based on testing done on Windows XP SP2 with the latest version of Yahoo! Messenger (8.1.0.421) using the said DLL component, programs or Web sites that use the CLSID related to the DLL can download files from the Internet. Users can be led to sites, malicious or not, that will first prompt an ActiveX warning. When users allow the ActiveX component to execute, FT60.DLL downloads the files specified by the program or Web site.
This POC is the latest to target Yahoo! applications, Messenger in particular. Last June, Trend Micro researchers Jonell Baltazar and Jhoevine Capicio blogged about the two Yahoo! Messenger Webcam ActiveX vulnerabilities being exploited days after the vulnerabilities were made public. Other Yahoo! applications were also plagued by vulnerabilities and/or exploits. Last month, Paul Oliveria reported on the security advisory released by Yahoo! regarding Widgets. Jasper Pimentel also blogged about a POC that plagued Yahoo! Mail.
As of this writing, there has been no word yet from the folks at Yahoo!. Users are advised to be wary of accepting ActiveX prompts.


