Exploit Code for Critical Internet Explorer Flaw Publicly Available

Exposing Your Computer Could Be as Easy as Visiting a Malicious Website

JavaScriptSearch
Monday, March 27, 2006; 05:32 AM

Microsoft confirmed public reports of critical vulnerability in the Internet Explorer browser.  According to security website Secunia, the code which allows malicios people to get control over Windows system over the internet was publicly released.  So far no patch is available, although safe browsing techniques offer some degree of protection.

The bug is in the way Internet Explorer handles createTextRange() method. By exposing the browser to dedicated code on a website, attackers could trick the system into running arbitrary code. Microsoft's advisory on the subject states that "users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

Microsoft's monthly set of security updates is due on April 11th.  In the meantime, turning off Active Script is supposed to  solve the security problem.

The vulnerability is the most serious of the three flaws, which were discovered in Internet Explorer during the past week.