CERTも放っておくわけには… 2004/12/2 US-CERTのメールから。
TA04-315A describes a buffer overflow vulnerability in Microsoft Internet Explorer HTML elements that could allow a remote attacker to execute arbitrary code. Note that any program that hosts the WebBrowser ActiveX control could be affected. Microsoft Security Bulletin MS04-040 contains an update to fix this vulnerability.
The vulnerability is described in further detail in VU#842160.