A security hole in Yahoo’s Messenger could allow attackers to run their own code on computers using the program. The buffer overrun vulnerability was found in a file named “yauto.dll,” which is an ActiveX component of Messenger software versions up to 5.6.0.1347, according to a security alert released by Copenhagen security company Secunia. Yahoo is working to verify the report and develop a patch for Messenger. ActiveX is a Microsoft technology that allows software developers to create small, reusable bits of code, called “controls” that enable programs to share information over computer networks and the Internet. Full Story