The vulnerability was first discussed at this week's Black Hat DC conference by Jorge Luis Alvarez Medina, a security consultant with Core Security Technologies. Microsoft says the risk is highest for IE users who are running Windows XP or who have disabled the Protected Mode feature. Medina plans to release proof-of-concept code for the attack next month, after Microsoft issues a security update for the flaw. The problem affects every version of the browser and is considered most serious on Windows XP. The vulnerability exists because content is forced to render erroneous information from local files in such a way that information can be exposed to malicious websites.
Source: https://threatpost.com/microsoft-confirms-new-ie-data-leakage-flaw-020310/73484/