There is a little confusion in this notice. The first line talks about Internet Explorer, while the first sentence of the article talks about Windows Explorer 5.01. I thought I would go ahead and post so that everyone could watch for follow-up information. efc
Internet Explorer gets early 2004 security warning
By INQUIRER staff: Friday 02 January 2004, 19:00
THERE'S A MODERATELY critical alert for Windows Explorer 5.01 et seq from security firm Secunia to usher in our new and brave computing year.
The English normally wait for a cuckoo to sound before they proclaim spring is on the way, we are given to understand.
According to the Secunia bulletin, the latest, or first problem with Internet Explorer in 2004 is a showHelp() restriction bypass vulnerability.
This is a variant of an older showHelp() problem, discovered by Arman Nayyeri.
The problem appears to be related to "trusted" sites, and Secunia claims the vulnerability is confirmed in "fully patched" Explorer 6 with WinAmp 5 installed.
Yes, the solution is to disable active scripting support, and to get rid of HTML that has references to showHelp() using an HTTP proxy or firewall with content filtering capabilities.
Or, in yet another rare flash of wit from Secunia, you can avoid the problem by "using another product".
The bulletin is here. Now that Microsoft has stopped issuing regular security bulletins – except monthly, and even then not last month – we don't know what we'd do without outfits like Secunia.