Yet another flaw in IE6 (including SP2) has been found and disclosed and may already be getting used to exploit users. This new flaw involves using an onclick event to initiate a createElement event, which is used to create an iframe to a remote web server which can download anything it likes to your computer, bypassing IE’s protection systems in the process.
The solution at this stage, is to turn off active scripting, unfortunately that renders IE mostly useless as you can’t even use it for WindowsUpdate in that state. Another solution is to avoid untrusted links, but doing that renders most of the Internet as a no go zone. A better solution is to go and get yourself a free copy of Firefox and spend your time browsing instead of worrying about browsing.
