Advisory 913333 was published yesterday, it being another remote WMF vulnerability (just get the user's computer to display it). This one requires <IE 6 on 2000 SP4 or ME though, IE6 (and thus XP and 2003) aren't affected. My guess is there won't be a patch, as the recommendation is just to download and install IE6. Fun.
As a semi-related note, Advisory 914457 gives another reason to upgrade XP/2003 to the latest service pack.
Copyright ©2000-2008 Jeremy Mooney (jeremy-at-qux-dot-net)
