Heads Up, Internet Explorer users. A new flaw in the browser’s handling of “createTextRange()” method used for radio buttons in HTML forms has been detected. The vulnerability can be exploited to allow program flow to be re-directed into the heap allowing code to execute with elevated (local user) privileges instead of with the standard Internet (restricted) zone.

Security web site Secunia, who discovered the flaw (Secunia Advisory SA18680), reports that The problem is caused by an array boundary error in the handling of HTML tags with multiple event handlers. The issue can be exploited to cause Internet Explorer 6 to crash More >