In a new security advisory release Microsoft is warning that IE6 and 7 can under proof of concept be exploited with CSS style sheets.
HA thats sad
“The vulnerability exists as an invalid pointer reference of Internet Explorer. It is possible under certain conditions for a CSS/Style object to be accessed after the object is deleted. In a specially-crafted attack, Internet Explorer attempting to access a freed object can lead to running attacker-supplied code.”
So that means that someone can assign CSS Styles that will execute code in the end users browser and whatever that code may be is pretty much up to the person who launched the exploit.
They could do basically anything.
It would be nice if they sorted my folder full of shortcuts.
anyway for more info visit Microsoft