December 28th, 2004, 05:36 PM
** HEAD'S UP ** Microsoft Internet Explorer vulnerability (varient)
28.12.2004 : Internet Explorer Remote Command Execution Exploit.
This unpatched vulnerability is a variant of the "Auto SP2 RC Exploit"
It can be exploited to bypass the "Local Computer" zone lockdown
security feature in SP2 and allow execution of arbitrary commands.
K-OTik Security confirmed this vulnerability on a fully patched
Windows XP SP2 system with Internet Explorer 6.0
Solution : Set the security level to "High" in Internet Explorer or Use another browser.
More at http://www.k-otik.com/exploits/20041228.CMDExe.php
Like they said : Use another browser