A new security flaw in Yahoo Messenger could be used to spread malicious code, security firm McAfee has found. No patch has been issued yet.

McAfee's Wei Wang warns Yahoo Messenger users about the zero-day flaw in a McAfee blog post. After initial reports on a Chinese security forum, McAfee today confirmed that a flaw did exist in the most recent version of Yahoo Messenger.

The security flaw is described as a 'heap overflow' and for it to be exploited a computer needs to accept a webcam session invite. This may be a perfect opportunity for virus makers, who often use pornography as a bait to lure people in.

The vulnerability is similar to a previous Yahoo Messenger flaw which was fixed back in June, but not the same, McAfee said. Until a patch has been issued, Yahoo is urging users to be restrictive when it comes to accepting webcam invites.