A brace of new Internet Explorer vulnerabilities have been disclosed on a security mailing list.
The most serious of the two flaws, which has been accompanied by the publication of proof of concept exploit code, involves HTA applications and creates a means to trick users into executing malign code providing users can be tricked into double clicking on an icon.
Workarounds against the flaw involve disabling active scripting.
The second security bug involves processing of the object.documentElement.outerHTML property. This vulnerability creates a means for hackers to retrieve information from sites a potential mark is logged into, such as a webmail page, in order to swipe user credentials.
Microsoft is investigating both flaws. The SANS Institute says it’s yet to hear of the active exploitation of either vulnerability by hackers.