Bulgarian hacker Georgi Guninski, who claims to search for security holes for the intellectual challenge, has repeatedly exposed dangerous security holes in Microsoft products. And he's found a doozy in Microsoft Internet Explorer (IE) 5.
He found a hole that allows anyone with a Web page to take over your computer system using a few simple lines of code within the HTML that makes up the page. Simply visiting the page may subject your machine to the exploit. And that's not all. Because so many email clients now support HTML-formatted email messages, malign individuals can also include ill-intended HTML in their email. Reading newsgroups with IE 5 can also leave your system vulnerable, since newsgroup messages may include HTML code too.
Guninski's discovery makes use of an ActiveX control that is designed to create "scriptlets" that run on a user's machine when he views a Web page or email message. This particular control, called "Object for constructing type libraries for scriptlets", has free run of the user's files and can easily be made to overwrite files, place hostile programs on the hard drive, and generally cause oodles of damage.