"The vulnerabilities were uncovered by Stephen Kost from the security firm Integrigy Corp. An alert put out by Integrigy last week described the flaw as being exploitable by a remote user who can send a specially crafted URL to a Web server via a browser."
The link address is: http://www.eweek.com/article2/0,,1609275,00.asp