Internet Explorer HTA Application Execution
Flaw could allow remote access to vulnerable systems
The Internet Explorer HTA Application Execution was assigned two vulnerability numbers by the National Institute of Standards in Technology National Vulnerabilities Database. The vulnerability in Inter Explorer allows remote attackers to execute arbitrary code via a link to an SMB file share, and the flaw itself might be within other components used by the Microsoft browser. If executed, the vulnerability may disclose potentially sensitive information and potentially compromise a user's system. Exploitation requires user interaction, however.
On August 8, 2006, Microsoft released two patches which addressed these vulnerabilities.