A vulnerability has been reported in Yahoo! Messenger, which can be exploited by malicious people to conduct Cross-Site Scripting attacks.
According to a report posted on Secunia Security Advisories, the vulnerability is caused due to a boundary error in the ActiveX component "yauto.dll" in the "Open()" function.
For the full report, check out Computerworld’s article at: http://www.computerworld.com.au/index.php?id=1138646646
The Secunia advisory is available at: http://www.secunia.com/advisories/10342/