By the way, here's some of the text in the FAQ section of the bulletin. Do you notice that the attacker is "her" and the victim is "him". Does Microsoft have a gender issue?


"What’s the scope of the first vulnerability?

This vulnerability could enable an attacker to potentially run a program of her choice on the machine of another user. Such a program would be capable of taking any action that the user himself could take on his machine, including adding, changing or deleting data, communicating with web sites, or reformatting the hard drive.

In order for the attacker to successfully attack the user via this vulnerability, she would need to craft a specially formed web page and host the malicious executable on a site that is accessible to the victim, either on the Internet or on their local network. She would then have to force the user to view the web page. She could do this either by enticing the user to go to her site, or by sending the web page as an HTML email. When the web page on the site finished loading, the file could execuate automatically. In the case of an HTML email, when the user opened the mail or viewed it in a preview pane, the file could execute automatically. "