MS06-005
Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)
http://www.microsoft.com/technet/security/bulletin/MS06-005.mspx

Bulletin Summary - February 15, 2006

MS06-004
Cumulative Security Update for Internet Explorer (910620)
http://www.microsoft.com/technet/security/bulletin/MS06-004.mspx

Technical Description

A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to take complete control of an affected system. This flaw is due to an error in the Drag and Drop functionality that fails to properly validate certain Dynamic HTML (DHTML) events and methods provided by the DHTML Object Model, which could be exploited by malicious web sites to bypass security restrictions and place arbitrary executables on a vulnerable system by tricking a user into clicking and dragging an object from a specially crafted browser window to another window pointing to local resources.

Source: Microsoft

Microsoft Security Advisory (913333)

Vulnerability in Internet Explorer Could Allow Remote Code Execution

Microsoft is investigating new public reports of a vulnerability in older versions of Microsoft Internet Explorer. Based on our investigation, this vulnerability could allow an attacker to execute arbitrary code on the user's system in the security context of the logged-on user. The attacker could do this by one or more of the following actions: