eEye Digital Security has discovered a heap overflow vulnerability in the MS06-042 cumulative Internet Explorer update that would allow an attacker to execute arbitrary code on the system of a victim who attempts to access a malicious URL. Only Windows 2000 and Windows XP SP1 systems running Internet Explorer 6 SP1 with the MS06-042 patch applied are vulnerable.
140740018944f8f8fb1cd1ce93819ababbcebc675a58daa37730a7bec43591c1