Microsoft has acknowledged the danger of a bug which has been known for months. The problem is that a malicious webpage could execute ANY local executable. A previous update eliminated the ability to pass parameters to the executable.

However multiple vulnerabilities with the same or worse impacts are still unpatched, in other words Internet Explorer is no less vulnerable than before.

These are the currently unpatched vulnerabilities in Microsoft Internet Explorer:

Name: dialog style Cross Site Scripting
Description: It is possible to Cross Site Script the security zones, steal cookies and monitor the user.

Name: JVM Bytecode Verifier
Description: It is possible to do anything.

Name: cross-frame dialogArguments
Description: It is possible to execute /read local files.

Name: clipboardData object caching
Description: It is possible to read and write to the clipboard.

Name: MS JVM native method vulnerabilities
Description: It is possible to execute arbitrary code.

Name: WMP Stench
Description: It is possible to save and execute files on a local system.

Name: Java XMLDSO base tag
Description: Read any local file.

Name: document.domain parent DNS resolver
Description: Improper duality check leading to firewall breach

Name: CTRL-key file upload focus
Description: Read files, download and execution.

Name: FTP Folder View XSS
Description: It is possible to execute arbitrary commands.

Name: Self-executing HTML Help
Description: It is possible to save and execute arbitrary programs.

Name: Back Button CSS
Description: It is possible to read both files and cookies and execute arbitrary code.

Name: HELP.dropper (IE6, OE6, Outlook)
Description: It is possible to save and execute arbitrary programs.

Name: DynSrc Local File detection
Description: It is possible to locate files and read their size/date.

Name: Security zone transfer
Description: It is possible to auto-open IE and execute attachments.

Name: "script src" local file enumeration
Description: It is possible to enumerate any file on local system.

Solution
We recommend that you install this patch when possible, please keep in mind that you are still vulnerable to multiple other serious vulnerabilities if you do not disable active scripting.
Further details available in Customer Area

Provided and/or discovered by
The vulnerabilities has been discovered by different people and companies:
Liu Die Yu, Last Stage of Delirium, GreyMagic, solutions.fi, eyeonsecurity
Thor Larholm compiles a list of unpatched Internet Explorer vulnerabilities.

Changelog
Further details available in Customer Area

Deep Links
Links available in Customer Area