Friday, September 29, 2006

Internet Explorer - New Vulnerability

Another day - another exploit. A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to crash a vulnerable browser or potentially take complete control of an affected system. This flaw is due to a buffer overflow error when processing a "WebViewFolderIcon" object with a specially crafted "setSlice()" method, which could be exploited by attackers to cause a denial of service or execute arbitrary commands by convincing a user to visit a specially crafted Web page.

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected.

Note: A fully functional exploit has been publicly released.


Secunia - Extremely Critical Rating
FRSIRT - Critical Rating
Demonstration


Original Advisory: H D Moore

==============================================
HD Moore Unplugged

HD Moore got his first real job in security research eight years ago, at the tender age of 17. He worked for the U.S. Department of Defense. Today, most everything Moore, 25, does is watched closely by the commercial world, especially by software companies like Microsoft. All of this activity has made him one of the most respected -- and sometimes criticized -- security researchers.

Read the article HERE.
