A friend sent me this.
Yesterday, November 21, 2005, a security company named Computer Terrorism Ltd. released a proof-of-concept working exploit demonstrating arbitrary code execution on a fully-patched version of Microsoft Internet Explorer.

There are no vendor-supplied patches at this time.

As there is a public exploit available, to reduce your exposure to this vulnerability I recommend you apply the mitigating strategies outlined in Microsoft's response to this vulnerability. A specific recommended action item is to disable Active Scripting for all security zones in Internet Explorer, with the exception of "Trusted Sites". Then specific sites you need to allow scripting for may be added to the "Trusted Sites" zone.

See Microsoft's recommendations for details on how to do this:
http://www.microsoft.com/technet/security/advisory/911302.mspx

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
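
A read-only way to check whether a workstation matches the recommendation in the message above (Active Scripting disabled in every zone except "Trusted Sites"). This PowerShell audit is an added example, not part of the forwarded message or of Microsoft's advisory. It assumes the per-user zone settings under HKCU are the effective ones; the function name `Get-ActiveScriptingAudit` is hypothetical, and Group Policy or machine-wide settings, where present, can override what it reports.

```powershell
# Added example: audit the Internet Explorer "Active scripting" action (1400)
# for each security zone. Reads the registry only; changes nothing.
# Assumption: per-user settings in HKCU apply (no overriding policy keys).

$ZonesKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# Zone numbers as used by the URL security zone registry layout.
$ZoneNames = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

# Values of action 1400 (Active scripting).
$Meaning = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

function Get-ActiveScriptingAudit {
    foreach ($zone in 1..4) {
        $path  = "$ZonesKey\$zone"
        $props = Get-ItemProperty -Path $path -Name '1400' -ErrorAction SilentlyContinue
        $raw   = if ($props) { $props.'1400' } else { $null }

        if ($null -eq $raw) {
            $state = 'Not set'
        } elseif ($Meaning.ContainsKey([int]$raw)) {
            $state = $Meaning[[int]$raw]
        } else {
            $state = "Unknown ($raw)"
        }

        # Trusted sites (zone 2) is the one exception the message allows;
        # every other zone should have scripting disabled.
        $ok = ($zone -eq 2) -or ($state -eq 'Disabled')

        [PSCustomObject]@{
            Zone            = $zone
            Name            = $ZoneNames[$zone]
            ActiveScripting = $state
            MatchesAdvice   = $ok
        }
    }
}

# Show all zones, then list the ones that still need attention.
$audit = Get-ActiveScriptingAudit
$audit | Format-Table -AutoSize
$audit | Where-Object { -not $_.MatchesAdvice } |
    ForEach-Object { Write-Warning "Active Scripting is '$($_.ActiveScripting)' in zone '$($_.Name)'" }
```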