Internet Explorer (IE) is vulnerable to attack that might lead to remote code execution. The vulnerability allows intruders to install shell code and take subsequent actions, including the ability to install malware. A successful attack can occur when IE handles documents that use Vector Markup Language (VML). The vulnerability is being actively exploited via Web sites around the Internet.
Sunbelt Software discovered the vulnerability and notified Microsoft who is investigating the matter. No patch is available at this time, however users can protect themselves against this attack method by disabling Javascript in IE. Additional workaround methods are available in Microsoft's related Security Advisory, "Vulnerability in Vector Markup Language Could Allow Remote Code Execution."
The company stated that a security update is being developed that it hopes to release as part of its regularly scheduled monthly security patches, the next of which is currently scheduled for October 10, 2006.
