Microsoft and Andreas suggest the following workarounds:

>2. disable "allow paste operations via script" (best)
>3. disable active scripting

Using these workarounds is currently futile for users with Office installed.
The clipboard text can be set regardless of configuration as we've shown in
GM#007-IE, and disabling scripting can be easily circumvented as we've shown
in GM#005-IE.

These vulnerabilities were disclosed 3.5 months ago and still haven't
been patched.

References:
http://sec.greymagic.com/adv/gm005-ie/
http://sec.greymagic.com/adv/gm007-ie/

But even without these workarounds the severity of this vulnerability is
low-medium at best since it requires a non-trivial user interaction.

- GMS
