The company warned in an advisory that the flaw could potentially be exploited by malicious users to hijack a computer or steal private information. Even though the flaw itself is in Windows, it only appears to affect the way Internet Explorer handles webpages and documents.
"When the user clicked that link, the malicious script would run on the user's computer for the rest of the current Internet Explorer session," wrote Microsoft representative Angela Gunn.
"Such a script might collect user information, e.g e-mail, spoof content displayed in the browser or otherwise interfere with the user's experience."
Microsoft said it has seen no evidence that the loophole is being exploited in the wild. The company is working on a permanent patch to fix the problem permanently, but concerned Internet Explorer users can utilize a Microsoft "Fix It" solution to guard against it until then.
More information: http://support.microsoft.com/kb/2501696
Written by: James Delahunty @ 1 Feb 2011 20:08