According to the company's advisory, the flaw is rated as "less critical," because it does not allow attackers to gain control of a system. However, it does put users at risk for exposure of system and personal information, according to Secunia chief technology officer Thomas Kristensen.
"This is a vulnerability that was in IE6 which Microsoft apparently decided not to patch," he said. "It was a surprise to us to see it wasn't fixed." "Microsoft has to reconsider this one," he said. "It's not critical because it can't compromise a system, but it is still a potent way to get information off the system of an unsuspecting user."