Wow, check it out, this is a *serious* fuckup on M$'s part---I've never
seen a security flaw in a browser before that allowed arbitrary code to be
run simply by hitting a web page with Javascript activated in its configs.
>From the CERT page http://www.cert.org/advisories/CA-2001-06.html:
Microsoft Internet Explorer has a vulnerability triggered when
parsing MIME arts in a document that allows a malicious agent to
execute arbitrary code. Any user or program that uses vulnerable versions
of Internet Explorer to render HTML in a document (for example,
when browsing a filesystem, reading email or news messages, or
visiting a web page), should immediately upgrade to a
non-vulnerable version of Internet Explorer.
E
