Microsoft Corp. on Wednesday issued patches for two new critical
flaws in Internet Explorer. “The more dangerous of the two vulnerabilities results from IE’s failure to properly check the object type that is returned from a Web server. It doesn’t take much for an attacker to exploit this flaw; all that’s needed is for a user on a vulnerable machine to visit an attacker’s Web site. The attacker would be able to compromise the PC without the user doing anything but calling up the site.”
Read the entire story.