Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI.Referenceshttp://www.cert.org/advisories/CA-2002-16.htmlhttp://online.securityfocus.com/archive/1/274223http://www.securityfocus.com/bid/4838http://www.kb.cert.org/vuls/id/172315http://www.iss.net/security_center/static/9184.php
