A brace of new Internet Explorer vulnerabilities have been disclosed on a security mailing list.

The most serious of the two flaws, which has been accompanied by the publication of proof of concept exploit code, involves HTA applications and creates a means to trick users into executing malign code providing users can be tricked into double clicking on an icon.

Workarounds against the flaw involve disabling active scripting.

The second security bug involves processing of the object.documentElement.outerHTML property. This vulnerability creates a means for hackers to retrieve information from sites a potential mark is logged into, such as a webmail page, in order to swipe user credentials.

Microsoft is investigating both flaws. The SANS Institute says it's yet to hear of the active exploitation of either vulnerability by hackers. ®

Related stories

• Worm targets Windows PowerShell script (1 August 2006)
• MS June update fixes dangerous Word flaw (14 June 2006)
• Unofficial zero-day patches gain corporate support (4 April 2006)
• Patches released for zero-day IE threat (29 March 2006)
• Warning over unpatched IE bug (4 July 2005)
• Firefox exploit targets zero day vulns (9 May 2005)