Three new flaws found in Internet Explorer

Security vendor Secunia today announced a new vulnerability affecting Internet Explorer 6.x and 7 beta. The vulnerability, which Secunia rates as highly critical, exists when processing the "createTextRange()" method call on a radio button occurs. A successful exploit will allow an attacker to run malicious code on a fully patched Microsoft Windows machine. According to the Secunia announcement, Microsoft is working on a patch. Microsoft's next scheduled patch release is April 11.

A second vulnerability affects HTA files and is not considered critical. HTA files are used with Web applications. Microsoft is investigating this vulnerability and may offer a patch at some point.

A third vulnerability in Internet Explorer reported by Secunia and others on Monday is less critical, though highly annoying. This third vulnerability, which involves HTML tags with multiple event handlers, can be exploited to crash a vulnerable browser.

Until these vulnerabilities are patched, Secunia recommends users avoid untrusted Web sites. Personally, I recommend using another Internet browser, such as Firefox or Opera.