Skip navigation

Flaw in Microsoft DLL Exploitable via Internet Explorer

FrSIRT reported that a particular DLL that is only installed with Office and Visual Studio can be exploited via Internet Explorer. When the DLL is present the flaw affects Windows 98, Millennium Edition, 2000, XP, and Windows Server 2003 with Internet Explorer versions 5.x and 6.x.

Microsoft posted several workarounds to help defend against potential exploits. The workarounds include setting the security level of Internet Explorer's Internet zone to high, prompt before running ActiveX controls, disable ActiveX controls, and modifying the way the DLL (MSDSS.DLL) works on systems.
Details are available in the company's advisory .

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.