IE Exploit Moves from DoS to Remote Code Execution
Published on 29 Nov 2005 · Filed in News · 101 words (estimated 1 minutes to read)As a follow-up to my posting Zero-Day IE Exploit, it has now been discovered that this exploit is no longer just a denial of service (DoS) flaw, but rather a flaw that can allow remote code execution (see here for more information). As of this writing, there is no patch for this vulnerability and the only workaround is to disable Active Scripting in IE.
For your convenience, here’s a link to a Microsoft KB article that describes how to disable Active Scripting.
Alternately, you can just switch to Firefox (which, by the way, is supposed to release Firefox 1.5 sometime today).