ITSS-Advisory : Medium : Microsoft : Internet Explorer : Potentially dangerous Remote code execution

Vulnerabilities in Internet Explorer : Potentially dangerous Remote code execution
====================================================================================

THREAT LEVEL
============
Medium

INFORMATION
===========

A serious vulnerability has been identified in Microsoft Internet
Explorer 7, which is currently being exploited in the wild.
This vulnerability could allow the remote execution of arbitrary code when visiting potentially malicious web sites.

AFFECTED PLATFORMS
==================
All platforms running Microsoft Internet Explorer 7

ACTION
======
As a patch has not been released at the time of this publication,
it is highly recommended that users consider using a web browser other than Internet Explorer until a patch becomes available.

The vendor has provided limited workarounds suggesting that using "...Protected Mode in Internet Explorer in Windows Vista limits the
impact of the vulnerability. The vendor also suggests that "...setting the Internet zone security setting to High protects against all currently known exploits of this vulnerability by disabling scripting, disabling less secure features in Internet Explorer, and blocks known techniques used to bypass Data Execution Prevention (DEP)."
Users should run as a "limited user" in order to reduce the impact of any potential exploitation.

Administrators of affected computers are advised to review the
bulletins, test and apply relevant updates.

[1] Microsoft Security Advisory (961051) Vulnerability in Internet Explorer Could Allow Remote Code Execution http://www.microsoft.com/technet/security/advisory/961051.mspx
[2] CVS log for sigs/CURRENT_EVENTS/CURRENT_IE_0Day
http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_IE_0Day