Check your speedNote:Organizations should only install this patch if they are not able to disable Active Scripting as a means of mitigation.
eEye Digital Security is advising customers to the existence of exploit code that targets a critical security vulnerability in Microsoft Internet Explorer. The exploit pertains to an unpatched vulnerability that has been released on various public mailing lists.
This issue affects any Windows operating system running Internet Explorer versions 5.01 SP4 through 6.0 SP1. The vulnerability results from the method in which Internet Explorer handles HTML Objects. This flaw allows for remote code to be executed on the target system. If successfully exploited, an attacker will only have the rights of the currently logged on user. System Administrators should be careful to not use Administrator accounts for general system use.
There have been numerous reports of this vulnerability being used on various websites in attempts to install Spyware and remote control ""bot"" software for use in Distributed Denial of Service (DDoS) attacks.
The recommended action required to protect systems against this attack is to disable Active Scripting from within Internet Explorer.
Additionally, eEye Digital Security s Research Team has released a workaround for the vulnerability as a temporary measure for customers who have not yet installed Blink, eEye's host-based intrusion prevention solution. This workaround is not meant to replace the forthcoming Microsoft patch, rather it is intended as a temporary protection against this flaw.
Did you find this download useful?
25 out of 50 users found this download useful
