Microsoft Internet Explorer (IE) is vulnerable to a memory corruption error when processing malformed HTML pages containing specially crafted calls to JavaScript "window()" objects and "onload" events. The vulnerability could allow remote intruders to execute arbitrary commands in the security context of the currently logged-on user. Microsoft said that the vulnerability affects IE 5.x and 6.0 running on Windows Server 2003 Service Pack 1 (SP1), Windows XP SP2, Windows 2000 Server SP4, Windows Me, and Windows 98.

For more information, read Microsoft Security Advisory 911302, "Vulnerability in the way Internet Explorer Handles onLoad Events Could Allow Remote Code Execution."