QUOTE
A critical vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to execute arbitrary commands. This flaw is due to a memory corruption error when processing malformed HTML pages containing specially crafted calls to the JavaScript "window()" object and the "body onload" tag, which could be exploited remote attackers to take complete control of an affected system by convincing a user to visit a malicious Web page.
This vulnerability has been confirmed on Windows XP SP2 with Internet Explorer 6 (fully patched).
This vulnerability has been confirmed on Windows XP SP2 with Internet Explorer 6 (fully patched).
Secunia shares this Solution: Disable Active Scripting except for trusted sites.
A new proof-of-concept (POC) exploit has been published for a critical unpatched IE vulernability. Please be careful of any websites you visit and so far there are no reports of the POC being found in the wild.
New Zero Day Internet Explorer Remote Code Execution Exploit
http://www.frsirt.com/english/advisories/2005/2509
http://www.frsirt.com/exploits/20051121.IEWindow0day.php
http://secunia.com/advisories/15546/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1790
