16 hours ago.
,----[ Quote ]
| Input passed in uploaded attachments is not properly verified before
| being used. This can be exploited to execute arbitrary HTML and script
| code in a user's browser session in context of an affected site when a
| specially crafted image is viewed directly in the Microsoft Internet
| Explorer browser.
`----
http://www.secuobs.com/secumail/snsecumail/msg02316.shtml
|
|