Microsoft warns on critical Explorer flaw
Covering all versions of the browser since 5.01, the new patch corrects a series of flaws, including one that would allow hackers to run code on machines using a pop-up web page.
Link: ‘Great Plains unscathed by flaws’
All the patches relate to the specific problem of hackers designing web pages that can subvert a PC without the need for any attachments or malware to be opened by the users.
For example, one of the holes allows hackers to conceal malware in a pop up window. Unpatched versions of Internet Explorer do not properly examine data sent when a web page requests a pop up window from its own server which means malware could be inserted.
There is also a problem is with the way Internet Explorer handles XML data binding. Extensible Markup Language (XML) is used to attach data to specific points on a web page, which could then be pushed onto users PCs.
Users are also vulnerable to these problems if they receive a specially crafted email from hackers. The patch strengthens the browsers protection against such dynamic HTML (DHTML) email that can run scripts automatically.
More details and the patch can be found at http://www.microsoft.com/security/security_bulletins/ms03-040.asp