Tom Ferris of www.security-protocols.com has discovered a new IE vulnerability, claiming that this is remotely exploitable. No vulnerability details was disclosed, though. But the author said he had reported this to Microsoft last August 14. We might as well expect this one of the upcoming MS security bulletins. Check out his announcement. He also has this nifty screenshot of the IE crash.

Ferris reported that he found the vulnerability in IE6 while running Windows XP SP2. However, FrSIRT claims in its own bulletin that this vulnerability affects IE 5 as well, and it is not just limited to systems running XP SP 2. We’ll see more when details of this particular vulnerability are disclosed. Meanwhile, stay tuned.