October 20, 2004
By Jim Wagner

Microsoft officials confirmed the existence of two vulnerabilities within Internet Explorer 6.0 that affect all versions of Windows, including Windows XP Service Pack 2 users.

It's a continuation of the "drag-and-drop" flaw security officials at Microsoft have spent more than two months fixing.

The flaws, rated "highly critical" by security outfit Secunia Research in a report Wednesday, when used in conjunction, can allow the owner of a Web site to dump a malicious file into a user's startup folder, which will be executed when the system is rebooted.

[...continues...]
http://www.internetnews.com/security...le.php/3424601