A vulnerability in Internet Explorer could allow an attacker to take control of your computer.
Apply an update
The updates to address these vulnerabilities are available on the Microsoft Update site. We recommend enabling Automatic Updates.
Disable Active Scripting
This vulnerability can be mitigated by disabling Active Scripting in the Internet Zone, as specified in the Securing Your Web Browser document. Note that this will not block the vulnerability, but it will help to protect your computer against a common method used to execute this vulnerability.
Enable DEP in Internet Explorer 7
Enabling DEP in Internet Explorer 7 on Windows Vista can help mitigate this vulnerability by making it more difficult to achieve code execution using this vulnerability.
When rendering certain documents, Internet Explorer may crash or allow an attacker to run code on your computer. The attacker could install malicious software or access sensitive personal information. Attackers are actively exploiting this vulnerability.
For more technical information, see US-CERT Technical Alert TA08-352A and US-CERT Vulnerability Note VU#493881.
- US-CERT Technical Cyber Security Alert TA08-352A - <http://www.us-cert.gov/cas/techalerts/TA08-352A.html>
- Microsoft Security Bulletin MS08-078 - <https://www.microsoft.com/technet/security/bulletin/ms08-078.mspx>
- US-CERT Vulnerability Note VU#493881 - <http://www.kb.cert.org/vuls/id/493881>
- Securing Your Web Browser - <https://www.us-cert.gov/reading_room/securing_browser/#Internet_Explorer>
Feedback can be directed to US-CERT.
Produced 2008 by US-CERT, a government organization. Terms of use
Revision History
December 17, 2008: Initial release