Computer Security Research – McAfee Labs Blog.
This is an expansion of the most recent IE exploit. Now comes the analysis.
Allowing a Windows system-level file (in this case a DLL) to be executable without any kind of security context is a really bad idea. That’s really all ActiveX is, but there are several other DLLs inside of IE that allow other DLLs to be executed. In this case it was mshtml.dll. Mshtml.dll was the source of the exploit, and further analysis of the malware now shows it uses its own DLL to leverage this vulnerability.
ECC HIGHLY recommends you do one of two things:
1. Simply don’t use IE at all
2. If you can’t (or won’t), at least get your security setup to wholesale blacklist DLLs at the firewall. This will break some sites that are coded for IE. Many of these sites will work under Firefox as well.
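
For option 2, a filter that only matches the `.dll` extension misses a DLL served under another name. The sketch below is an added example, not code from this post or from any firewall product: it classifies a download by its PE header instead, and the function names and sample bytes are constructed for illustration.

```python
import struct

IMAGE_FILE_DLL = 0x2000  # COFF "Characteristics" bit that marks a DLL


def classify_pe(body: bytes) -> str:
    """Return 'dll', 'exe' or 'not-pe' based on the leading bytes of a download."""
    # DOS header: 'MZ' magic, with the PE header offset (e_lfanew) stored at 0x3C.
    if len(body) < 0x40 or body[:2] != b"MZ":
        return "not-pe"
    (e_lfanew,) = struct.unpack_from("<I", body, 0x3C)
    # Need the 4-byte 'PE\0\0' signature plus the 20-byte COFF header.
    if e_lfanew + 24 > len(body) or body[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "not-pe"
    # Characteristics is the last 2-byte field of the COFF header.
    (characteristics,) = struct.unpack_from("<H", body, e_lfanew + 22)
    return "dll" if characteristics & IMAGE_FILE_DLL else "exe"


def sample_pe(characteristics: int) -> bytes:
    """Build a minimal constructed PE header (not a loadable file) for testing."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, characteristics)
    return dos + b"PE\0\0" + coff


def blocked_names(downloads):
    """Return the names of downloads whose content is a DLL, whatever they are called."""
    return [name for name, body in downloads if classify_pe(body) == "dll"]


if __name__ == "__main__":
    # Constructed sample downloads: (name as served, body bytes).
    downloads = [
        ("helper.dll", sample_pe(0x2102)),      # DLL with the expected name
        ("banner.jpg", sample_pe(0x2102)),      # DLL served under an image name
        ("setup.exe", sample_pe(0x0102)),       # executable, not a DLL
        ("index.html", b"<html></html>"),       # ordinary page content
    ]
    for name in blocked_names(downloads):
        print("block:", name)
```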