Tom Ferris reported a new flaw in Internet Explorer on fully patched Windows XP SP2 systems. While Ferris offered few details about the problem on his Web site, the vulnerability reportedly could allow a remote intruder to install remote code and completely take over an affected system.
French security research organization FrSIRT issued a bulletin stating that the problem relates to processing of malformed HTML which can lead to memory corruption that might allow a remote intruder to run arbitrary commands on an affected system.
With widespread use of Windows XP the problem could potentially affect millions of computers. However no patch is available at this time and no workaround information is known at this time. Ferris said he notified Microsoft of his findings and the company is researching his report. Ferris won't disclose any more information about the flaw until Microsoft releases a patch.