Just visiting a hacked website can allow complete control of the PC?

http://www.microsoft.com/technet/security/advisory/972890.mspx

Vista and Server 2008 are immune to the attacks because of the default security configurations..

Setting the KillBit for that Active-X control on XP/Server 2003 is also supposed to block the attack vector.

Remember kids! Don't use drugs...or Internet Explorer...

Just another ActiveX buffer overflow in a very long line of ActiveX buffer overflows. IE does not require ActiveX to work. You can turn it off, prompt or disable it for the Internet zone and enable it for the Trusted zone if you like.

If you would like some tips on safe browsing you can look at the link below. They have pictures with instructions, if you scroll down.


http://www.us-cert.gov/reading_room/securing_browser/

Just another ActiveX buffer overflow in a very long line of ActiveX buffer overflows. IE does not require ActiveX to work. You can turn it off, prompt or disable it for the Internet zone and enable it for the Trusted zone if you like.

If you would like some tips on safe browsing you can look at the link below. They have pictures with instructions, if you scroll down.


http://www.us-cert.gov/reading_room/securing_browser/

Unfortunately, that while great advice and actually working as advertised (preventing a huge number of infections), creates more than a fair share of headaches for Joe User who is plagued with enough MS warning popups that he ends up turning them all off...:rolleyes: Or his internet ends up 'broken'...

Between ActiveX and JavaScript (and to some degree .Net) if they are off, most of what the average user sees as an 'internet experience' is lost...

Remember kids! Don't use drugs...or Internet Explorer...

Oh?really?I got it!