Tom Gilder

**Name of the Vulnerable Software and Affected Versions** Internet Explorer versions 5.01 through 6 Microsoft Windows 2000 SP4 **Description** The issue allows remote authenticated users to execute arbitrary commands due to a cross-site scripting (XSS) vulnerability. This vulnerability could permit access to local HTML-embedded resource files in the Microsoft Management Console (MMC) library. A remote code execution vulnerability in the Windows Management Console could allow an attacker to take complete control of the affected system. **Recommendations** For Internet Explorer versions 5.01 through 6, update to a version that is not affected by this issue. For Microsoft Windows 2000 SP4, consider restricting access to the Microsoft Management Console (MMC) library until a patch is available. As a temporary workaround, consider disabling the execution of arbitrary commands in the MMC library to minimize the risk of exploitation.