GFI has recently discovered a security flaw within Internet Explorer which allows a malicious user to run arbitary code on a target machine as it attempts to view a website or an HTML email. The problem is exploited by embedding a VBA code within a Access database file (.mdb) within an Outlook Express email file or Multipart HTML (mht) file.

----[Proof of concept Exploit:

A live example of the named exploit is available on:

http://www.gfi.com/emailsecuritytest

Read full article at www.xatrix.org