Sowhat has reported a vulnerability in Yahoo! Assistant, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error when instantiating the yNotifier.dll ActiveX control and can be exploited to execute arbitrary code when a user is e.g. tricked into visiting a malicious website.

The vulnerability is reported in version 3.6. Other versions may also be affected.

The vendor has reportedly issued patches.