Stung by a recent spate of Internet Explorer (IE) vulnerabilities, Microsoft says it is actively investigating a recently discovered IE flaw and will likely issue a patch for that flaw soon. The flaw, which was discovered last week, involves a system file that is found on Windows systems in which certain versions of Visual Studio 2002 or Office XP are installed.
"Microsoft is investigating new public reports of a possible vulnerability in Internet Explorer," a Microsoft statement reads. "We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time. Microsoft is aggressively investigating the public reports."
The flaw takes advantage of an IE feature that lets the browser control other Microsoft applications running on a Windows system. Theoretically, a malicious hacker could construct an exploit that takes over users' PC when they browse to their Web sites. The French Security Incident Response Team (FrSIRT), which first discovered the flaw, rates it as critical.
Microsoft, however, has not yet rated the flaw, as it is still under investigation. For more information, please read Microsoft's security advisory.
http://www.microsoft.com/technet/security/advisory/906267.mspx