Microsoft is investigating the second security flaw
discovered in its Internet Explorer browser this week.
The latest reported browser flaw could allow a remote attacker
take over a user’s Windows-based computer.
The flaw has been reported to the company by Dutch programmer
Jeffrey van der Stad, who published limited details of the flaw on
his website.
The problem relates to the way Internet Explorer processes HTA
files, which are used with web applications.
The reported vulnerability affects Internet Explorer 6 running
on the Windows 98, Windows XP and Windows 2003 Server operating
systems, according to van der Stad.
He says the bug could allow a remote attacker to run an HTA file
without the affected user's permission.
Microsoft said it was investigating the issue and would consider
issuing a security patch to address the potential problem at a
later date. The company is not aware of any exploits of the bug in
the wild.
Earlier this week, Microsoft said it was tackling a problem in
IE6 that reportedly allowed remote attackers to run arbitrary code
on affected users’ systems, once they had visited a malicious
website.
Microsoft's next scheduled security patch release date is
Tuesday 11 April.