The vulnerability is caused due to an error in the DHTML Edit ActiveX control when handling the "execScript()" function in certain situations. This can be exploited to execute arbitrary script code in a user's browser session in context of an arbitrary site.
tedster
6:26 pm on Dec 18, 2004 (gmt 0)
On that same page - a note about a PDF vulnerability that can be fixed with an update.
