Scott's Weblog The weblog of an IT pro specializing in cloud computing, virtualization, and networking, all with an open source view

IE Exploit Moves from DoS to Remote Code Execution

As a follow-up to my posting Zero-Day IE Exploit, it has now been discovered that this exploit is no longer just a denial of service (DoS) flaw, but rather a flaw that can allow remote code execution (see here for more information). As of this writing, there is no patch for this vulnerability and the only workaround is to disable Active Scripting in IE.

For your convenience, here’s a link to a Microsoft KB article that describes how to disable Active Scripting.

Alternately, you can just switch to Firefox (which, by the way, is supposed to release Firefox 1.5 sometime today).

Metadata and Navigation

Be social and share this post!