Does not affect IE8 or Windows 7.
Security Advisory 981374 Released
Microsoft Security Response Center(MSRC) Blog, March 09, 2010
Hi everyone,
Today we released Security Advisory 981374 addressing a publicly disclosed vulnerability in Internet Explorer 6 and Internet Explorer 7. Internet Explorer 8 is not affected by this issue. Customers using Internet Explorer 6 or 7 should upgrade to Internet Explorer 8 immediately to benefit from the improved security features and defense in depth protections. Additionally, Internet Explorer 5.01 on Windows 2000 is not affected.
At this time, we are aware of targeted attacks seeking to exploit this vulnerability against Internet Explorer 6. Internet Explorer Protected Mode in Internet Explorer 7 running on Windows Vista helps to mitigate the impact of this issue. Additionally, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. Please review the Security Advisory for additional workarounds which include modifying the Access Control List (ACL) on iepeers.dll (the affected component), setting the Internet and local Intranet security zones to "high", configuring Internet Explorer to prompt before running Active Scripting, and enabling Data Execution Prevention (DEP) where possible which makes it difficult to successfully exploit the vulnerability.
-Microsoft Security Advisory (981374)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: March 09, 2010
