The UK government's cyberagency responsible for warning about security incidents and electronic attacks on critical national infrastructure has issued an alert about a Microsoft buffer overflow vulnerability.
The Unified Incident Report and Alerting Scheme (UNIRAS), the UK's equivalent of CERT, has put out the warning following a Microsoft security bulletin last week.
The flaw was rated critical by Microsoft and consists of a buffer overflow in the HTML converter of most versions of Windows that could allow a hacker to execute malicious code.
The hole can be exploited by users cutting and pasting HTML from Web sites or just by viewing a Web site if the malicious code is embedded in a Web page.
UNIRAS recommends users should apply Microsoft patch MS03-023 and modify the security configuration of any applications that use Internet Explorer to disable active scripting and pasting.