Today we released a security update for IE, MS04-040. This fixes a heap-based buffer overflow that allows remote execution (see CAN-2004-1050 for more details on the specifics of the issue). Full details on the security update can be found in the security bulletin.
If you are running IE6 SP1 or IE 6 I strongly suggest you go to Windows Update to get this security release. It’s nice to see the results of all the hard work we put into making XPSP2 and Windows Server 2003 more secure, since users running those platforms don’t need to get this update.