Microsoft has a workaround for this security hole
http://www.microsoft.com/technet/security/advisory/903144.mspx
Internet Explorer "javaprxy.dll" Memory Corruption Vulnerability
Secunia Advisory: SA15891 Print Advisory
Release Date: 2005-07-01
Critical:
Highly critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Workaround
Software: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.x
Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.
Description:
SEC Consult has reported a vulnerability in Microsoft Internet Explorer,
which potentially can be exploited by malicious people to compromise a
user's system.
The vulnerability is caused due to the javaprxy.dll COM object being
instantiated incorrectly in Internet Explorer via the object tag. This
can be exploited via a malicious web site to cause a memory corruption.
Successful exploitation may allow execution of arbitrary code.
The vulnerability has been reported in versions 5.01, 5.5, and 6.0.
Solution:
The vendor recommends setting Internet and Local intranet security zone
settings to "High".
Provided and/or discovered by:
sk0L and Martin Eiszner, SEC Consult.
Original Advisory:
Microsoft:
http://www.microsoft.com/technet/security/advisory/903144.mspx
SEC Consult:
http://www.sec-consult.com/184.html
Peter Kaulback
--
--
I haven't failed, I've found 10,000 ways that don't work.
Thomas Edison (1847-1931)
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/rules.htm
Contact list owner <[EMAIL PROTECTED]>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
