...In an alert to customers of its DeepSight threat system, Symantec cited a vulnerability...by researcher Michal Zalewski, who notes that IE is prone to memory corruption because of the way it handles malformed HTML.

HTML content that contains nested tags without the corresponding closure tags...can trigger the bug. "An attacker could exploit this issue via a malicious web page to potentially execute arbitrary code in the context of the currently logged-in user"...A fully-patched version of IE 6 for Windows XP SP2 -- the most-secure production version of Microsoft's browser -- is open to the attack.

IV. SUGGESTED ACTIONS: MITIGATION RECOMMENDATIONS

* Limit viewing to trusted web sites: In some situations, browsing can be successfully limited to only trustworthy sites without significant loss of productivity. Users should be extremely cautious while browsing unknown or untrusted web sites, as such web sites are often able to introduce hostile code.

* Run exposed applications with reduced privileges: Users who log on interactively -without- the privileges of powerful groups such as the "Administrators" or "Power Users" groups are at a much lower risk of damage from successful exploitation of software vulnerabilities in client applications. This mitigation step greatly reduces the likelihood of a successful malware installation if this vulnerability is exploited..."

2006-04-28: Updated "Description" section to clarify that Secunia has successfully exploited the vulnerability.