The flaw lies in the Windows MHTML (Mime HTML) parsing software used by Internet Explorer, and affects all currently supported versions of Windows. It was disclosed on the Full Disclosure mailing list in January.

The seventh and ninth paragraphs have been removed.