Microsoft is warning users of a newly-discovered hole in Internet Explorer affecting the .wmf image file format.
The flaw could allow a hacker to run programs remotely on an inffected PC.
In a statement issued on its TechNet developer site, Microsoft said it was investigating new public reports of a vulnerability in older versions of Microsoft Internet Explorer. “Based on our investigation, this vulnerability could allow an attacker to execute arbitrary code on the user's system in the security context of the logged-on user.”
This latest revelation comes just a month after Microsoft issued an unrelated fix for a .wmf bug.
The affected software includes Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4; and Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium.
According to Microsoft an attacker would have to persuade a user to visit a malicious website, typically by getting them to click a link that takes them there.
Microsoft said users whose accounts are configured to have fewer user rights on the system could be less affected than those who operate with administrative user rights.