It appears that the YShortcut toolbar has a buffer overflow vulnerability.
40ba049b0a752f8a6f49ded03f4413432964054e8f9578fe6cb90e68d16c630c
YShortcut is a feature of the Yahoo toolbar which allows you to map shortcuts to URLS, i.e. y = http://www.yahoo.com and bla = http://www.somesite.com. The IsTaggedBM function is called every time anything is typed into the browsers address bar. This function suffers from an exploitable buffer overflow if 3000 characters is passed to it. Instead of doing their own bounds checking, Yahoo relies on the 2083 maximum URL length for Internet Explorer. This object is NOT marked safe for scripting.
YShortcut.dll, version 2006.8.15.1
{67CE97C5-ABE6-429A-B6BD-3BD1333A0825}
Elazar