Microsoft has issued a security advisory warning of a "critical" flaw in its Internet Explorer Browser.
It also sent out a second advisory highlighting a less severe problem with its Windows XP operating system.
The Internet Explorer vulnerability stems from a security function in the software designed to stop one domain, such as a website, from sharing information with another domain. Microsoft discovered that such information sharing could occur when certain dialogue boxes are used.
An attacker could create a web page that uses the flaw to run malicious code, possibly in the form of an executable file, on a computer used to visit the page. A related vulnerability allows an attacker to access a user's system via HTML pages that display help content.
The company recommended that users with Internet Explorer versions 5.01, 5.5, and 6.0 download a patch for these problems. The security bulletin, including links to the patch, is at www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-004.asp.
The second warning, for Windows XP, concerns a problem in the Windows Redirector software, which is used to access local and remote files.
Microsoft warned that, by sending bad data to the Redirector, a hacker could cause a system failure or, if the data were crafted in a particular way, run malicious code on the user's computer.
The flaw in XP cannot be exploited remotely and an attacker would need the ability to log on to a system to run programs that use the Redirector. Nevertheless, it said users should consider installing its security update for the problem and rated it an "important" issue.
The security bulletin, including links to the patch, is at www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-005.asp