Internet Explorer (IE) is vulnerable to attack that might lead to remote code execution. The vulnerability allows intruders to install shell code and take subsequent actions, including the ability to install malware. A successful attack can occur when IE handles documents that use Vector Markup Language (VML). The vulnerability is being actively exploited via Web sites around the Internet.
The company stated that a security update is being developed that it hopes to release as part of its regularly scheduled monthly security patches, the next of which is currently scheduled for October 10, 2006.