The web-giant Yahoo issued a fix for the critical Yahoo Messenger, discovered last week by the security firm eEye Digital Security.

According to the report issued by the security company the bugs were critical, which means that the vulnerabilities could be exploited if the user visits a Web site containing malicious code or opens an attachment with malicious code. If a user's machine is infected, a hacker could take control of the system.

"We take security issues very seriously, and upon being notified of this issue from eEye earlier this week, we diligently began working on a fix," said the spokeswoman in an e-mail. "The product and engineering teams were very expeditious in getting the fix into place last night. Protecting our users from security issues is a top priority."

“Two zero-day exploits have been released for a Yahoo! Webcam image upload and view utilities. These ActiveX controls are installed by default as part of the Yahoo! Messenger package,” said the alert from eEye. Adding that, “ActiveX remote code execution vulnerabilities have very high impacts since the source of the malicious payload can be any site on the Internet. An even more critical problem is generated when clients are administrators on their local hosts, which would run the malicious payload with Administrator credentials.”

Yahoo has fixed a buffer overflow problem in Webcam ActiveX controls that was causing the problem, according to a company spokeswoman in an e-mail to InformationWeek. Yahoo is recommending that users update their Yahoo Messenger software to Version 8.1.0.401, which can be found at Yahoo's update site.