> Solution: > ========= > There is no configuration-tweaking workaround for this bug, it will work as > long as the browser parses HTML. The only possible solution must come in the > form of a patch from Microsoft. IMHO this is wrong. you can disable the download of signed / unsigned activex controls. my ie version 5.00.2614.3500 w/patches is not vulnerable with that setting. > Tested on: > ========== > IE5.5sp2 Win98, all patches, Active scripting and ActiveX disabled. > IE5.5sp2 NT4 sp6a, all patches, Active scripting and ActiveX disabled. > IE6sp1 Win2000 sp2, all patches, Active scripting and ActiveX disabled. > IE6sp1 WinXP, all patches, Active scripting and ActiveX disabled.
