More IE holes are here, if you can believe that. These two new problems
can affect users on fully patched Windows XP Service Pack 2 systems, so the potential for some sort of harmful exploit is therefore high.
"According to an alert from Secunia that carries a "moderately critical" rating, the holes can be exploited to bypass a security feature in XP SP2 and trick users into downloading malicious files.
"The problem is that if the downloaded file was sent with a specially crafted 'Content-Location' HTTP header in some situations, then no security warning will be given to the user when the file is opened."
Microsoft has yet to confirm whether it believes the flaws to be genuine security holes, which it will do before releasing any kind of fix. Let's hope they decide soon, Secunia have also warned that a combination of the two flaws could be exploited by an attacker to trick a user into downloading a malicious executable file pretending to be an HTML document.