Provides an overview and solutions to this vulnerability which, theoretically, affects all applications utilizing the Internet Explorer HTML rendering engine.
"Microsoft is urging users of its Internet Explorer browser to download a patch for a newly discovered buffer-overflow security bug. The bug takes advantage of the way some versions of the IE browser handle long strings of JScript code."
Advisory by USSR: "It is possible to create a malicious webpage that when visited by an IE user all of their system resources are devoured and depending on the system its possible that the machine can even crash and reboot itself."
Explains how the IMG element's dynsrc attribute can be exploited to test the existence of, find the size of, find the date last updated/modified of, and the creation date of, an arbitrary local file. By GreyMagic Security.