GFI has recently discovered a security flaw within Internet Explorer which allows a malicious user to run arbitary code on a target machine as it attempts to view a website or an HTML email. The problem is exploited by embedding a VBA code within a Access database file (.mdb) within an Outlook Express email file or Multipart HTML (mht) file.

Link for this Proof of concept Exploit is here.

Read more at www.xatrix.org

Patch yet?

You'll find the patches here. (http://www.microsoft.com/windows/ie/downloads/critical/q316059/default.asp)

These are the patches from Microsoft for IE 5.0, 5.5 and 6.0.

"It is also
important to apply the patch distributed by Microsoft."-Yes it is patched.