Dynamic HTML (DHTML) allows the creation of interactive web pages.
Race conditions in various DHTML methods could allow command execution when a specially crafted web page is loaded in Internet Explorer.
Apply the patch referenced in Microsoft Security Bulletin 05-020.
A user must load the exploit URL in Internet Explorer in order to run the exploit. Since the vulnerability is a race condition, the exploit may not always succeed.