Microsoft Internet Explorer is prone to multiple buffer-overflow vulnerabilities when instantiating certain COM objects. An attacker may exploit these issues by enticing victims into opening a maliciously crafted webpage. Successfully exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers.
Do not follow links provided by unknown or untrusted sources.
Users should be wary of visiting sites of questionable integrity or following links provided by unfamiliar or suspicious sources.

Set web browser security to disable the execution of script code or active content.
Disabling scripting and active content in the Internet Zone may limit exposure to this and other vulnerabilities.

Implement multiple redundant layers of security.
Various memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may hinder an attacker's ability to exploit this vulnerability to execute arbitrary code.

Run all software as a nonprivileged user with minimal access rights.
To limit the impact of latent vulnerabilities, run the web client as an unprivileged user with minimal access rights.
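
One way to verify the "disable scripting and active content in the Internet Zone" mitigation on a host is the read-only audit below. It is an added example, not part of the advisory: the registry paths and URL action IDs are the standard Internet Explorer zone settings rather than values from this page, and the lookup order (machine policy, user policy, user preference) is a simplifying assumption.

```powershell
# Added example (not from the advisory): read-only audit of Internet Zone (zone 3)
# scripting and ActiveX settings. Nothing is modified.
$ZoneSubKey = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action IDs are the registry value names stored under the zone key.
$Actions = [ordered]@{
    '1200' = 'Run ActiveX controls and plug-ins'
    '1201' = 'Initialize and script ActiveX controls not marked safe'
    '1400' = 'Active scripting'
    '1405' = 'Script ActiveX controls marked safe for scripting'
}
$Meaning = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

function Get-ZoneValue {
    param([string]$Root, [string]$Name)
    $path = Join-Path $Root $ZoneSubKey
    if (-not (Test-Path $path)) { return $null }
    (Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Get-InternetZoneAudit {
    # Assumed precedence: machine policy, user policy, then user preference.
    # Simplification: the Security_HKLM_only policy switch is not evaluated.
    $roots = [ordered]@{
        'Machine policy'  = 'HKLM:\SOFTWARE\Policies'
        'User policy'     = 'HKCU:\Software\Policies'
        'User preference' = 'HKCU:\Software'
    }
    foreach ($id in $Actions.Keys) {
        $source = 'Not set'; $value = $null
        foreach ($r in $roots.GetEnumerator()) {
            $v = Get-ZoneValue -Root $r.Value -Name $id
            if ($null -ne $v) { $source = $r.Key; $value = [int]$v; break }
        }
        $state = if ($null -eq $value) { 'Zone default' }
                 elseif ($Meaning.ContainsKey($value)) { $Meaning[$value] }
                 else { "Raw value $value" }
        [pscustomobject]@{
            Id        = $id
            Action    = $Actions[$id]
            State     = $state
            Source    = $source
            Mitigated = ($value -eq 3)   # only an explicit "Disabled" counts
        }
    }
}

Get-InternetZoneAudit | Format-Table -AutoSize
```

Rows with `Mitigated` set to `False` show where script or ActiveX content can still run, or prompt, for sites in the Internet Zone.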
Microsoft has released an advisory along with fixes to address these issues. Please see the references for more information.