A new, unpatched flaw in Internet Explorer could let miscreants surreptitiously run malicious code on Windows PCs, according to the discoverer of the bug.
The problem affects Internet Explorer 6–the latest version of Microsoft’s Web browser–on computers running Windows XP with Service Pack 2 and all security patches installed, Tom Ferris, an independent security researcher in Mission Viejo, Calif., said in an interview Monday. Other versions of Windows and IE may also be vulnerable, he said.
The security hole allows for “full blown remote code execution,” Ferris said. “If a user browses to a bad Web site, malicious software can be installed on their PC without their knowledge.”