Ironically, this problem was introduced into the browser by one of the latest patches from Microsoft: MS06-042. The good folks at Secunia have more on this:

Description:
A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to a boundary error when processing URLs on a website using HTTP 1.1 and compression. This can be exploited to cause a heap-based buffer overflow via an overly long URL (more than about 500 bytes).

Successful exploitation allows execution of arbitrary code when a user is e.g. tricked into visiting a malicious website.

The vulnerability affects Internet Explorer 6 SP1 on Windows 2000 and Windows XP SP1 and was introduced by the MS06-042 patches.
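The conditions the advisory names (HTTP 1.1, a compressed response, a URL longer than about 500 bytes) can be used to triage web proxy logs for requests worth a closer look. The script below is an added example, not code from Secunia or Microsoft. It assumes a hypothetical JSON-lines log with `client`, `url`, `http_version`, `content_encoding` and `user_agent` fields, treats gzip and deflate as "compression", and uses a User-Agent heuristic (IE 6 on Windows NT 5.0, or on NT 5.1 without the `SV1` token that XP SP2 added) to mark likely affected clients.

```python
import json

URL_LIMIT = 500                   # advisory: "more than about 500 bytes"
COMPRESSED = {"gzip", "deflate"}  # assumed content-codings counted as "compression"

def affected_client(ua):
    """Heuristic: IE 6 on Windows 2000 (NT 5.0) or on XP before SP2 (NT 5.1, no SV1 token)."""
    if "MSIE 6.0" not in ua:
        return False
    if "Windows NT 5.0" in ua:
        return True
    return "Windows NT 5.1" in ua and "SV1" not in ua

def triage(lines):
    """Return one record per request that meets all three conditions in the advisory."""
    hits = []
    for n, line in enumerate(lines, 1):
        rec = json.loads(line)
        url_bytes = len(rec["url"].encode("utf-8"))
        encoding = (rec.get("content_encoding") or "").lower()
        if rec["http_version"] == "1.1" and encoding in COMPRESSED and url_bytes > URL_LIMIT:
            hits.append({"line": n, "client": rec["client"], "url_bytes": url_bytes,
                         "affected_ua": affected_client(rec.get("user_agent") or "")})
    return hits

def _rec(client, path_len, version, encoding, ua):
    # Helper that builds one constructed log line in the assumed schema.
    return json.dumps({"client": client, "url": "http://example.test/" + "a" * path_len,
                       "http_version": version, "content_encoding": encoding, "user_agent": ua})

IE6_XP_PRE_SP2 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
IE6_XP_SP2 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

# Constructed sample log lines (not real traffic).
SAMPLE = [
    _rec("10.0.0.11", 600, "1.1", "gzip", IE6_XP_PRE_SP2),  # all conditions, affected client
    _rec("10.0.0.12", 600, "1.1", None, IE6_XP_PRE_SP2),    # long URL, no compression
    _rec("10.0.0.13", 40, "1.1", "gzip", IE6_XP_PRE_SP2),   # compressed, short URL
    _rec("10.0.0.14", 700, "1.1", "deflate", IE6_XP_SP2),   # conditions met, XP SP2 client
    _rec("10.0.0.15", 600, "1.0", "gzip", IE6_XP_PRE_SP2),  # HTTP 1.0
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```

A hit is a lead for review, not proof of an exploitation attempt: long URLs over compressed HTTP 1.1 also occur in ordinary traffic.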
