"zero day" exploit...?

In case you haven't seen it...


/ Mat

yeah, yet another 'zero-day' (is it really zero-day with this?) IE
hole :frowning: So again, why would you want to use this? (yes sean, there are
more holes in bind/sendmail/blah-unix-tool than ever in IE/Win*, but the
market base causes the huge scope of the problem, eh?)

oh well, block tcp/80 and tcp/443?

The good news is Windows XP Service Pack 2 blocks the attack. The bad
news is XP/SP2 is still in beta. The double-bad news is XP/SP2 is only
for XP; so "legacy" Microsoft users are still out of luck.

Full Disclosure has been discussing the details.

Hmm is this the same as the help file problem recently patched for Safari in Mac