IE Exploit Moves from DoS to Remote Code Execution29 November 2005 · Filed in News
As a follow-up to my posting Zero-Day IE Exploit, it has now been discovered that this exploit is no longer just a denial of service (DoS) flaw, but rather a flaw that can allow remote code execution (see here for more information). As of this writing, there is no patch for this vulnerability and the only workaround is to disable Active Scripting in IE.
For your convenience, here’s a link to a Microsoft KB article that describes how to disable Active Scripting.
Alternately, you can just switch to Firefox (which, by the way, is supposed to release Firefox 1.5 sometime today).Tags: Security · Web · Windows Previous Post: ipfw Rules for Bonjour Next Post: Microsoft Promises Not to Sue