Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: incrediBILL
Contrary to popular beliefs, the aforementioned security issue is susceptible to remote, arbitrary code execution, yielding full system access with the privileges of the underlying user."
Read about it on the site of computerterrorism. An exploit known on 31/05 and still nothing done about it. And now Microsoft is mad at them for publishing this bug?
I've only got IE6 at work so I won't try it ;)
Without looking at the code, I imagine it is some sort array-bound hack that is likely to be browser-specific and fairly easy to fix (unless your name is Microsoft).
People who want to turn off IE active scripting as a preventative measure might find this useful: How to stop 'Active Scripting' [blogs.zdnet.com]. This will break some sites, although if you need to access the scripting they can be added to the Trusted list.