New Microsoft IE flaw

Microsoft has issued a new security advisory ( 980099 ) to address a publicly disclosed vulnerability in Internet Explorer that may allow information disclosure for Windows XP users or for users who have disabled Internet Explorer Protected Mode. The advisory explains that content can be forced to render incorrectly from local files in such a way that information can be exposed to malicious websites.

The result is that all files on your machine become accessible to those accessing it. Affected OS/browser combos include IE5.01 and 6SP1 on Win2k SP4 and IE6/7/8 on XP and Win2k3. Note that the browser needs to have Protected Mode disabled for the exploit to work. PM is enabled by default for IE 7 and 8 on Vista, 7 and Win2k8.