A fairly serious flaw in Internet Explorer which would enable a malicious Web page or e-mail to drop a cookie containing an HTML script on a victim's machine and run it in the 'Local Computer' zone rather than the Internet zone to avoid restrictions h...

An attacker can run arbitrary commands on Windows machines with a simple bit of HTML, an Israeli security researcher has demonstrated. The exploit will work with IE, Outlook and Outlook Express even if active scripting and ActiveX are disabled in the ...

The MS patch intended to fix a data binding flaw in IE, which enables a script to call executables on your Windows machine using the object tag, does not protect against malicious files launched from a local directory.

Includes: MSXML may ignore IE security zone settings during a request for data from a Web site; and a VBscript problem which allows an attacker to read files on a victim's local drive, or eavesdrop on his browsing session.

Descriptions, and patch information, for vulnerabilities affecting various versions of this browser.

Describes a security hole which can be exploited to change users' search sites or to serve up offensive ads.

An attacker can gain control of another user's machine using an HTML-formatted e-mail with an attachment that contains a small remote-control program. The e-mail can be sent directly to the victim, or can be placed on a website.

A hacker who discovered a potentially devastating security hole in Microsoft's Internet Explorer says he has found himself in the undesired position of providing technical support to people who cannot install the patch that Microsoft released to fix t...