New LARGE Vulnerability found in Microsoft Internet Explorer

03/23/2006 UPDATE Microsoft plans to release a pre-patch advisory with workarounds for a "highly critical" vulnerability that could put millions of Internet Explorer users at the mercy of malicious hackers. The advisory, which will be posted here, acknowledges a code execution hole that was discovered and publicly reported by Secunia Research of Copenhagen, Denmark. Secunia said in an alert that the vulnerability is due to an error in the processing of the "createTextRange()" method call applied on a radio button control. "This can be exploited by a malicious Web site to corrupt memory in a way that allows the program flow to be redirected to the heap," Secunia said in the alert, warning that successful exploitation allows execution of arbitrary code whenever the target visits the rigged Web site. The vulnerability was confirmed on a fully patched system with IE 6.0 and Microsoft Windows XP SP2. It has also been confirmed in IE 7 Beta 2 Preview, Secunia said. ...Firefox\Mozilla looking better all the time... From Jeffrey van der Stad's Blog: Last week I found a (to my knowledge) new vulnerability in the Internet Explorer 6.0 browser. With this vulnerability it is possible to run an hta-file without the users permission. The issue lies somewhere in... (Removed on Microsoft's request). I developed a working Proof of Concept and I notified Microsoft NL today. Today he writes: I suggested to visit Microsoft in Amsterdam to show them the PoC, but the Microsoft team was able to reproduce the exploit with a few suggestions.. So no trip for me.. :( Here's what Debby wrote: "We've actually been able to repro this in house, so unfortunatley, it looks like you don't need to go to Amsterdam after all. :( We have been trying to get this fix into the next IE release, but it's been a lot of work to do that as it's relatively late in the cycle. It looks like it will make it in though." Full Story At Source...