This Microsoft security bulletin just hit my inbox. There’s a security hole in Internet Explorer the size of Ted Turner’s land holdings. Here are the basics:
What’s the scope of the vulnerability?
This vulnerability could enable an attacker to potentially run a program of her choice on the machine of another user. Such a program would be capable of taking any action that the user himself could take on his machine, including adding, changing or deleting data, communicating with web sites, or reformatting the hard drive.
In order for the attacker to successfully attack the user via this vulnerability, she would need to be able to persuade the user to either browse to a web site she controlled or open an HTML e-mail that she had sent.
What causes the vulnerability?
If an HTML mail contains an executable attachment whose MIME type is incorrectly given as one of several unusual types, a flaw in IE will cause the attachment to be executed without displaying a warning dialogue.
Brilliant. Best get to updating those browsers right now, folks.