There is a new and unpatched vulnerability with exploit code in the wild that affects the latest version of IE. The exploit works by including an abnormally large (a couple thousand) number of script actions inside a single HTML tag. This vulnerability can be triggered by specifying more than a couple thousand script action handlers

Multiple vulnerabilities have been identified in various Macromedia products, which could be exploited by remote attackers to execute arbitrary commands. These flaws are due to unspecified errors when processing specially crafted SWF files. Affected Products Flash Player versions 8.0.22.0 and prior Breeze Meeting Add-In Version 5.1 and prior Shockwave Player version 10.1.0.11 and prior Flash

Michael Lehn has discovered a vulnerability in Mac OS X, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to an error in the processing of file association meta data in ZIP archives (stored in the “__MACOSX” folder) and mail messages (defined via the AppleDouble MIME format).

Multiple vulnerabilities have been identified in Winamp, which could be exploited by remote attackers to take complete control of the affected system. The first flaw is due to a buffer overflow error when processing a specially crafted playlist containing an overly long media filename, which could be exploited by remote attackers to compromise a vulnerable

The exploit craft a malicious BMP file to perform buffer overflow in Media Player. Keeping in mind as Microsoft has pointed out that the exploiting factor can include other graphics file as well (such as .wmp), it’s a good idea to get it patched ASAP. Read more about Vulnerability and how to patch here.

Only 5 days after the release of the vulnerability, two exploits are on the street. Both exploits, tested on WINXP SP2, will give the attacker the ability to run code of her or his choosing on the compromised machine. As of this writing, a patch has not been made available, as far as we know.