CERT Advisory: Buffer Overflow in Microsoft Internet Explorer
Provides an overview and solutions to this vulnerability which, theoretically, affects all applications utilizing the Internet Explorer HTML rendering engine.
CIAC: Microsoft Internet Explorer-Content Type Falsification (Three Vulnerabilities)
Detailed explanation and workaround of these vulnerabilities affecting I.E 5.5 and 6.
The Register: Cumulative IE Patch for Maicious Cookies
A fairly serious flaw in Internet Explorer which would enable a malicious Web page or e-mail to drop a cookie containing an HTML script on a victim's machine and run it in the 'Loc…
The Register: IE, Outlook Run Malicious Commands Without Scripting
An attacker can run arbitrary commands on Windows machines with a simple bit of HTML, an Israeli security researcher has demonstrated. The exploit will work with IE, Outlook and Ou…
The Register: MS Security Patch Fails on Local Files
The MS patch intended to fix a data binding flaw in IE, which enables a script to call executables on your Windows machine using the object tag, does not protect against malicious …
The Register: Three New MS Security Holes - Two Nasty
Includes: MSXML may ignore IE security zone settings during a request for data from a Web site; and a VBscript problem which allows an attacker to read files on a victim's local dr…