Yes, that's right, another IE hole. US-CERT on Wednesday warned of another fresh hole in Internet Explorer
that could allow attackers to take control of a PC via an HTML e-mail message or a malicious Web page. This one works by exploiting a heap buffer overflow, is in the way IE handles two attributes of the "frame" and "iframe" HTML elements. Furthermore, things are even more serious than usual now because exploit code has been published on public mailing lists. The bug has been confirmed on IE 6.0 on Windows XP with SP1 and all patches installed, as well as the same browser on a fully patched Windows 2000. No word yet on a patch from Microsoft.