New IE Information Disclosure Advisory

Microsoft has announced in Advisory (980088) that there has been a publicly disclosed vulnerability in Internet Explorer, versions 5 through 8.

Users not running Internet Explorer in Protected Mode are at risk of having information, in files with predictable names, accessed by attackers.

This vulnerability cannot be exploited to execute remote code or used for a denial-of-service attack.

The largest group of users at risk are Windows XP users running IE without Protected Mode enabled. Internet Explorer on Vista and Windows 7 has Protected Mode enabled by default.

Though no patch exists at this time, users can protect themselves by simply enabling Protected Mode in Internet Explorer (which may require upgrading to a version of IE that has Protected Mode).

You can find  more information on Microsoft Advisories and Bulletins at the SophosLabs vulnerability analysis page.