This isn't the first time a Yahoo! Messenger suite installation "helper" ActiveX control has been exploitable (in this case not too serious, just a basic DoS condition). All the more reason to not use the bloated pos Installer Suite, use the direct link to the standalone Yahoo! Messenger installer program (YTK's Auto-Updater Messenger Build Checker uses this).