Internet Explorer's ActiveX handling has a memory corruption flaw which could allow attackers to run arbitrary code remotely.

This exploit would have to be undertaken from a site from which the user trusts ActiveX content. Unfortunately, most users, if lured by some trivial promise, will trust just about any site. In conjunction with some judicious website hacks, an exploit based on this vulnerability could spread far and wide.

Currently, disabling ActiveX is the only known work-around. Altravision users may chose to enforce global blocking of ActiveX controls except from sites which are trusted by the network administrator.

Related Information:

Secunia: Advisory 20906 - Internet Explorer HTML Help ActiveX Control Memory Corruption

Altravision: 2 New IE Flaws - One Shared With Firefox!

Altravision: More IE Vulnerabilities - More Scope For Malware