A cracker has discovered another new vulnerability in IE 6 and posted sample exploit code.
It seems that this vulnerability is somewhat similar to 06-040 patched in August. To work, an attacker will need to lure his victim to a malicious web site but full compromise could be the result of a successful attack. At this stage it is unclear against which combinations of systems and versions of IE this attack will work, though according to the poster of the code it is successful against IE 6 on Windows 2000.
Related links: (Open in a new window.)
xsec.org/index.php?module=Releases&act=view&type=2&id=20
Taken from Information Security Bulletin.