FYI...Microsoft Security Advisory (977981)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Updated: November 25, 2009
• V1.1 (November 25, 2009): Corrected the CVE reference, added a mitigating factor concerning Web-based attacks, and clarified the workaround involving DEP*.
* "... • Enable DEP for Internet Explorer 6 or Internet Explorer 7 via automated Microsoft Fix It. See Microsoft Knowledge Base Article 977981** to use the automated Microsoft Fix it solution to enable or disable this workaround
...Impact of workaround
: Some browser extensions may not be compatible with DEP and may exit unexpectedly. If this occurs, you can disable the add-on, or revert the DEP setting using the Internet Control Panel. This is also accessible using the System Control panel..."
Last Updated: 2009-11-26 15:11:12 UTC - "... We strongly encourage all IE users to review the new information posted by MS, especially in light of workable exploits that are starting to surface on the web."
: Microsoft Security Bulletin MS09-072 - Critical
Cumulative Security Update for Internet Explorer (976325)
• V1.0 (December 8, 2009): Bulletin published.
• V1.1 (December 9, 2009): Corrected a reference to Microsoft Knowledge Base Article 976749 in the section, Frequently Asked Questions (FAQ) Related to This Security Update. Also corrected, in the Security Update Deployment section, the registry key for verification of the update for Internet Explorer 7 for all supported x64-based editions of Windows XP.