Internet Explorer contains a flaw that may allow a malicious user to remotely execute arbitrary code. The issue is due to an unspecified vulnerability in the pdwizard.ocx Active X object and is related to MS VB6 objects and memory corruption. It is possible that the flaw may result in a loss of integrity.

Microsoft has released MS07-45 to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround(s): prevent COM objects from running in IE and/or configure Internet and Local Intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones.

• Security Tracker: 1018562
• CVE ID: 2007-3041 (see also: NVD)
• OVAL ID: 2232
• Bugtraq ID: 25295
• Secunia Advisory ID: 26419
• SCIP VulDB ID: 3245
• Related OSVDB ID: 36396 36397
• Microsoft Knowledge Base Article: 937143
• VUPEN Advisory: ADV-2007-2869
• News Article: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9030696
• Vendor URL: http://www.microsoft.com/en-us/default.aspx
• Microsoft Security Bulletin: MS07-045

• Not Available