The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to arbitrary code by placing a malicious ping.exe program into the Messenger program directory, which is installed with weak default permissions.
Secunia Research Advisory - Secunia Research has discovered a vulnerability in Yahoo! Messenger, which can be exploited by malicious, local users to gain escalated privileges.