eEye is reporting that there are "multiple flaws" within Yahoo! Messenger 8.x - which are apparently critical. Remote code execution IS POSSIBLE, so ... watch yourselves.
I can't find any reports of a patch - or upgrade. More if I find it before you do.
Here's the link over to eEye's Advisory - with very little information.
As promised, here's more from the Full-Disclosure list... there may still be more!
WebCam Exploit (Run Remote Code!): http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063817.html
ActiveX Exploit (Yahoo! Viewer):
Apparently - these are "super-critical" vulnerabilities, and should be patched immediately if you are using Yahoo! Messenger.
Here's a link to the TechWorld.com story.