The latest bug is a variation on an executable code glitch discovered by a hacker group in November. In its latest incarnation, the bug allows arbitrary programs to be run on a victim's PC through contact with Web addresses beginning with the prefix "mk:", according to the Web site for hacker group L0pht Heavy Industries. It's not likely to impact most IE4 users, according to the group.
The original bug, found by the group in November, allowed malicious HTML code to be executed on a victim's PC to potentially run, change or delete files. Microsoft (MSFT) officials said at the time that the bug was "obscure."
A Microsoft spokeswoman said the fix should be available on the Internet Explorer security page on the company's Web site within several days. No users have fallen victim to the bug's latest incarnation so far, she said.
The glitches are the latest in a series of problems that have plagued IE4 since its release.