The Redmond, Wash., company is aware of the reported flaw and is investigating it, Adrian Stone of the Microsoft Security Response Center said on a company blog. Microsoft is not aware of any attacks taking advantage of the vulnerability or any customer impact, he said.
"What we know at the moment is that the vulnerability can be attacked through Internet Explorer and requires user interaction on the page before the attack can occur," Stone said.
Two new reported flaws for IE, along with their proof-of-concept code, were published on Tuesday on the Full Disclosure mailing list, according to the SANS Internet Storm Center.
The first flaw is located in the use of HTA applications and could be exploited to trick a user into opening a malicious file, which has to be accessible through server message block or a remote site, according to a SANS advisory.
The second flaw is located in the handling of the object.documentElement.outerHTML property, according to SANS, and it can allow an attacker to retrieve remote content in the context of the web page currently being viewed, according to the advisory.
Microsoft’s next scheduled Patch Tuesday release is on July 11. Earlier this month, the company released 12 new security fixes as part of the biggest Patch Tuesday in over a year.
.jpg&h=140&w=231&c=1&s=0)
_(39).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Data & AI Edition
.png&w=120&c=1&s=0)
iTnews Cloud Covered Breakfast Summit
iTnews State of Security Breakfast
The 2026 iAwards
.jpg&w=120&c=1&s=0)
Integrate 2026
_(1).jpg&h=140&w=231&c=1&s=0)
