Microsoft released a security patch on Thursday designed to fix two security vulnerabilities in certain versions of its Internet Explorer web browser, the company said in a bulletin on its website.
One hole could allow a malicious script embedded in a cookie to be run in an area of a user's PC known as the 'local computer zone', where it could alter or delete files on a user's PC. Most scripts embedded in cookies are supposed to be run in an area known as the internet zone, which places tighter restrictions on how programs can behave.
A second vulnerability involves the way object tags are handled and could allow an attacker to invoke an executable file already present on a user's machine, Microsoft said. A malicious hacker could create a web page that includes the object tag and cause the executable to run, the company said.
Users are advised to read Microsoft's security bulletin on its website, which includes instructions on how to download a software patch designed to fix the problems. They affect Internet Explorer 5.01 and 5.5 and Internet Explorer 6.0, Microsoft said. The patches available are cumulative, meaning they include the functionality of all previously released patches for those versions of Internet Explorer.
The bulletin is available here.