A serious security vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 was discovered few days back, which allows remote attackers to execute arbitrary code via a crafted XML document containing nested SPAN elements, as exploited in the wild in December 2008. (REF CVE-2008-4844)
Microsoft has released a Security Update for Internet Explorer (960714) which resolves the vulnerability. This security update is rated Critical for Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, and Internet Explorer 7.
You may install the update via Automatic Updates, Windows Update or download the update from Microsoft Download Center.
RahulPatel--twikies... 
Leave a comment