[ShadowAce]

[zeugma]

From the article, it says that it allows "an outsider could use to run code on a vulnerable PC". Does that mean it execute with user privs? It doesn't sound like you get priviledge elevation, or I would expect them to say that.

I'm also confused as to whether this is a remote-site issue like we had this January with the Microsoft WMF defect? By that, I mean, can you execute arbitrary code via a link from FR? I'm sure you could post a link to an external site and sucker people into clicking it by saying it was a poll or something though, so I guess the distinction really doesn't matter much.