A Computerworld Article reports a pair of vulnerabilities to Internet Explorer that allow Windows machines to be 0wned by a single click on a malicious web page. It was discovered by Dutch researcher Jelmer. As usual, the primary workaround is to disable Active Scripting for any sites that aren't Trusted, but you should have turned off that and Javascript years ago for safety anyway. At least one of the holes is fixed in XP Service Pack 2, but that doesn't fix previous versions of Windows and it's still only beta."
source (http://slashdot.org/article.pl?sid=04/06/09/116237&mode=thread&tid=113&tid=126&tid=172&tid=95)

this seems nasty to me since spyware, malicious code or anything else can be run with just a click of a button without your consent.

analysis (http://62.131.86.111/analysis.htm) of the code to see what it does.

there is no fix at the moment for this. apart from firefox :)

I ran a "harmless demonstration of the vulnerabilities " from Security focus (http://www.securityfocus.com/archive/1/365293/2004-06-06/2004-06-12/2) in firefox and IE. Firefox opened the page with an empty box displayed, no other results.

IE started loading the page when AVG stopped it and reported the virus "JS/Psyme"

This was only the test page, I don't know if AVG would stop the exploit at the infected webpage.

Another good reason for switching to firefox. (http://www.mozilla.org/products/firefox/) ;)

the demonstration uses a few fairly old malicious scripts thats what avg is picking up.

isnt it kinda funny that m$ actually HELPS hackers?