Microsoft Internet Explorer is prone to a heap-based buffer-overflow vulnerability that occurs when the 'javaprxy.dll' COM object is instantiated by a malicious webpage. Attackers may exploit this issue to execute arbitrary code in the context of the client.
Run all software as a nonprivileged user with minimal access rights.
To limit the impact of browser vulnerabilities, perform nonadministrative activities as an unprivileged user with minimal access rights.
Do not follow links provided by unknown or untrusted sources.
Users should be wary of visiting sites of questionable integrity, especially if enticed to do so in unsolicited email.
The vendor has released an advisory (903144) that contains workarounds to prevent exploits of this issue. Customers are urged to review the referenced advisory for further information. Microsoft has released security bulletin MS05-037 along with fixes to address this issue. Please see the referenced advisory for more information. Nortel has released bulletin number 2005006061 describing vulnerable packages. Fixes are not currently available. Please see the referenced document for details.