The researches from FrSIRT (French Security Incident Response Team) reported in an alert on Wednesday that a bug in a file (DLL - Dynamic Link Library) shipped with Microsoft Office and Microsoft Visual Studio allows malicious code in a Web page to exploit a memory corruption error.
Only the Internet Explorer users that contain the bugged file are affected, and only if they access a Web page with malicious code that tries to exploit this bug.
Microsoft published a security advisory discussing this problem. The advisory, which includes a number of suggested workarounds, can be found here.
» Internet Explorer Flaw Leads to Data Theft
» Symantec Warns About New Windows Metafile Vulnerabilities
» Microsoft Statement Concerning Windows Meta File Vulnerability
» Internet Explorer for Mac: Officially Dead
» Microsoft Releases Internet Exploer Patches
» Symantec Releases Signature for Microsoft XML Flaw
» Latest Microsoft Security Updates Available
» Microsoft To Release Windows Code Previews