1) An error in the handling of redirections can be exploited to access documents served from another web site via the "object.documentElement.outerHTML" property.
2) An error in the handling of file shares can be exploited to trick a user into executing a malicious HTA application via directory traversal attacks in the filename. Successful exploitation requires some user interaction.
The vulnerabilities have been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected.
Mitigations:
1) Disable Active Scripting support.
2) Filter Windows file sharing traffic.
ISC Testing Note: Regarding the second vulnerability, what's interesting is that we were able to reproduce this even when using Mozilla Firefox.
These are rated as a "moderate risk" and proof-of-concept exploits have been developed.
New IE unpatched OuterHTML and HTA vulnerabilities