HTML Security Vulnerability (10/06)

A new HTML vulnerability is being actively exploited which could permit an unauthorized party to execute programs via Microsoft Internet Explorer (IE) or any other application (e.g., email reader) that hosts the WebViewFolderIcon control. Microsoft Windows 2000 and XP are reported to be subject to this vulnerability.

It is reported that a Microsoft patch for this vulnerability will be released in October. Please be advised that there are reports of a number of Web sites that may host malicious code to take advantage of this vulnerability. It is important to keep your anti-virus software updated to assist detection of malicious programs and apply Microsoft operating system critical patches as they are available.

Further information:
http://www.us-cert.gov/cas/techalerts/TA06-270A.html
http://www.microsoft.com/technet/security/advisory/926043.mspx