SECUNIA SAID a "highly critical" security bug in Internet Explorer versions 6, 5.5 and 5.01 can cause others to tamper with your PC.
The firm said that the bug has been tested on fully patched systems using both Windows XP SP1 and Windows XP SP2.

The bug, discovered by http-equiv, occurs because there's insufficient validation of drag and drop events issued by the Web to local systems.

There's proof of concept demonstration at http-equiv which plants a program in the startup directory by dragging a file pretending to be an image.

The only solution right now is to disable Active Scripting.

Here's the Secunia advisory.


Source:

The INQ!