A group of Russian researchers from SECURITY.NNOV has uncovered a new flaw in Microsoft Internet Explorer that would allow an
attacker to execute arbitrary code on a victim’s system when the victim visits a Web page or views an HTML email message.
The Computer Emergency Response Team Coordination Center (CERT/CC), which issued an advisory about the flaw Monday, said the buffer
overflow vulnerability would give the attacker the victim’s system privileges and noted that the flaw could be exploited to
distribute viruses, worms or other malicious code.
CERT attributed the vulnerability to Internet Explorer’s improper handling of the SRC attribute of the