Monday, December 08, 2003

Yahoo Patches IM Security Hole

I didn't even know that there was a security hole. I'm glad I found this on my MSN.com:

The vulnerability stems from an error in the "yauto.dll" file, an ActiveX component of Messenger. The security hole affects Yahoo Messenger versions 5.6.0.1347 and earlier, the advisory [issued Wednesday by Danish security company Secunia] said.
To find out what version of Yahoo! Messenger you have, from the Yahoo! Messenger window, go to Help | About Yahoo! Messenger. A popup window will appear, and it will show you what version you are running.

According to Yahoo!, the problem has more to do with a wider vulnerability in Internet Explorer than it does with their messaging software:
Only users that have chosen to change IE's security settings to the "low" level, rather than the default "medium" setting, or that are not running the most recent IE patches would be vulnerable, Yahoo said. An attacker then would need to direct a vulnerable user to view malicious HTML code in order to exploit the hole.
Users still need to make sure that their security settings are set appropriately and use the most recent version of IE.
