Microsoft Readies Another IE 4 Patch
(11/11/97; 7:00 p.m. EST)
By Andy Patrizio, TechWeb

Microsoft plans to post a fix by Wednesday afternoon for the latest bug to surface in its Internet Explorer 4.0 browser, company officials said.

The patch will be posted to the IE 4 security page on Microsoft's Website.

The Buffer Overrun Security bug was first brought to the company's attention by L0pht Heavy Industries, an organization of computer hackers and Internet service providers in Boston.

L0pht's band of hackers discovered the glitch when using the res:// URL, which links to local resources such as a dynamic link library on the computer. If the URL is longer than 256 characters, then it causes IE 4 to fail.

The characters beyond the 256th would remain in memory and could perform any action, such as running a program or damaging a disk.

As a proof of concept, L0pht put up a link that would write a line into the user's autoexec.bat file that reads "MICRO$OFT 0WNZ YOU... REPENT AND BE SAVED." They said that the bug could do far worse.

The problem is confined to Internet Explorer 4 for Windows 95 only.

It is not in IE 3.0, nor does it affect Windows NT 4 or the preview versions of IE 4 for the Macintosh, Windows 3.1, or Unix, according to Dave Fester, group product manager for Internet Explorer at Microsoft, in Redmond, Wash.