Published: 2005-11-22
The vulnerability targeted by the exploit was originally announced in May as a stability issue resulting in the browser closing. With the release of the exploit code, however, security researchers have demonstrated that malicious code can be remotely executed after convincing a user to click on a link.
The public proof-of-concept exploit launches the Calculator included with Windows; however this could be easily modified to more malicious executables.
Microsoft has expressed concern that this new vulnerability was not disclosed to them first, potentially putting users at risk. Although there is currently no patch for this vulnerability, disabling Active Scripting or switching to an alternate browser such as Mozilla Firefox would effectively mitigate the risk.
Posted by: Peter Laborge
