Microsoft is working on an update to Internet Explorer after two unpatched vulnerabilities were discovered.
One of the bugs could allow attackers to seize control of a victim's PC, tricking the browser into executing HTML application (HTA) files without the user's permission. HTA is a Microsoft-created format used to create HTML-based applications.
Microsoft has said it is working on an update to Internet Explorer, adding that the update is in testing and could come out as early as April. The company has also confirmed it is investigating a separate Explorer vulnerability that could cause the browser to crash. Code that takes advantage of this vulnerability has already been published on the internet, but because the bug doesn't cause anything worse than a browser crash, Microsoft has not considered it to be critical.
Given that a new version of Explorer, IE7, is on its way, plus a new Office, all no doubt tightly integrated, it’s no surprise that Vista has been delayed, especially given these latest Explorer vulnerability issues.