New vulnerability in Internet Explorer has been discovered, which potentially can be exploited by malicious people to compromise a user’s system.
The vulnerability is caused due to an error in the HTML Help ActiveX control (hhctrl.ocx) when handling the “Image” property. This can be exploited to cause a memory corruption by setting an overly long string multiple times for the property.
Successful exploitation may allow execution of arbitrary code.
The vulnerability has been confirmed on a fully patched system running Windows XP SP2 with Internet Explorer 6.0. Other versions may also be affected.
Security web site Secunia rates this vulnerability as Highly critical and recommends to disable the “Run ActiveX controls and plug-ins”