It's not a bug, it's a feature; OK, it's a bug

Paul Thurrott

April 20, 1999


Microsoft Corporation today issued a security bulletin for a "feature" in Internet Explorer 5.0 that security analysts have been complaining about for the past two weeks. At issue is the DHTML (Dynamic HTML) Edit control, an ActiveX control included with IE 5.0 that enables users to edit HTML text directly in the browser. It seems that a malicious Web site operator could trick a user into entering sensitive data into a DHTML Edit control hosted on a Web page from the operator's site, and then upload the data.

The company has issued a fully supported patch that fixes the problem. This patch applies to all users of Internet Explorer 5.0 for Windows and any users of IE 4.0 that downloaded that particular ActiveX control. You can check to see whether you have the control by checking for the existence of the file dhtmled.ocx in the C:\Program Files\Common Files\Microsoft Shared\Triedit folder.

You can find the patch for this security bug at the "DHTML Edit Control" Update page on the Microsoft Web site.

About the Author

Paul Thurrott

Paul Thurrott is senior technical analyst for Windows IT Pro. He writes the SuperSite for Windows, a weekly editorial for Windows IT Pro UPDATE, and a daily Windows news and information newsletter called WinInfo Daily UPDATE.
