A new vulnerbaility in Microsoft Internet Explorer had been disclosed.
This is a serious vulnerability that could allow program code execution on a user's computer.

Microsoft has published an advisory for this so-called "Vulnerability in the way HTML Objects Handle Unexpected Method Calls Could Allow Remote Code Execution": http://www.microsoft.com/technet/security/advisory/917077.mspx (opens in a separate browser window).

As of this writing no patch for the vulnerability is available.

Information from Microsoft is also available from Microsoft Security Response Center Blog (opens in a separate browser window).

Several web sites that have implemented web pages which exploit the vulnerability are reported present on the Internet.

Norman recommends that Internet Explorer users are extremely careful when visiting web sites that are not trusted; including following links to unknown web sites in emails.

This advisory will be updated when more information is available.

Update 26 March 2006:
Norman has released new virus signature files that detect malware that utilizes this vulnerability.

Update 12 April 2006:
Microsoft has released a cumulative update to Internet Explorer that corrects this vulnerbility. More information in Microsoft Security Bulletin MS06-013.