Guninski Uncovers XML Scripting Flaw

Early this morning, BetaNews received an advisory from Georgi Guninski on yet another vulnerability that he has uncovered. The bug involves Active Scripting being executed, even when disabled in IE5.x and Outlook Express. Microsoft claims that a fully patched Internet Explorer 5.x with updated Windows Scripting Host will not experience the problem, but Guninski disagrees. 

"There is security vulnerability in IE 5.x and at least Outlook Express. The problem is Active Scripting is still executed even if it is
disabled. While this is not actual exploit by itself it opens the door for many other exploits."

If your machine is experiencing this problem, or you are unsure if you are vulnerable, disable Active Scripting and click here.

The advisory and full demonstration is available at:
http://www.guninski.com/iexslt.html.