There is a flaw in the way the HTML converter for Microsoft Windows handles a conversion request during a cut-&-paste operation. A vulnerability exists because a specially crafted request to the HTML converter could cause the converter to fail in such a way that it could run code in the context of the currently logged-on user. Because Microsoft Internet Explorer uses this functionality, an attacker could craft a specially formed Web page or HTML e-mail that would cause the HTML converter to run arbitrary code on a user's computer. When a user visits an attacker’s Web site, the attacker could exploit the vulnerability without any other user action.
Download Update now for everything from Windows 98/NT 4.0 - 2003.