Bugtraq has a report of an unspecified remote code execution vulnerability for IE 6 (it doesn't say IE 7 is *not* vulnerable; it doesn't say anything). The post is complete with proof-of-concept code. The vulnerability would allow an attacker to run code with the permissions of the user running IE. There is a 4-page paper in PDF format that discusses the bug. At this point I haven't seen any other advisories. More information when we have it.
This is actually code to do the same thing as CVE-2006-4704, i.e. exploit the same bug, so it's not all that new.
bambenek /at/ gmail (dot) com
Nov 1st 2006