Public exploits available
This remote code execution vulnerability in Internet Explorer 6 and Internet Explorer 7.
This remote code execution vulnerability in Internet Explorer 6 and Internet Explorer 7. An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the Web site. The attacker could also take advantage of compromised Web sites and Web sites that accept or host user-provided content or advertisements. These Web sites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message that takes users to the attacker's Web site.
All applications not on the affected list.
No known false positives at this time.
No known work-arrounds at this time.