“The vulnerability is in IE 5’s ImportExportFavorites
feature, which lets users import and export lists of commonly
accessed Web addresses. The trouble is that the feature lets a
malicious Web site operator run executable code on the
computer of someone who visits that Web site.
‘The net result is that a malicious Web site operator
potentially could take any action on the computer that the user
would be capable of taking,’ warned Microsoft in a security
alert.
Microsoft said IE 5 users can disable Active Scripting to
protect themselves pending the release of a patch.”
“Microsoft acknowledged Bulgarian bug hunter Georgi Guninski for
discovering the security hole.”