CVE-2011-1243

Name of the Vulnerable Software and Affected Versions Microsoft Windows XP versions SP2 through SP3

Description A remote code execution issue exists in the Microsoft Windows Messenger ActiveX Control, allowing attackers to execute arbitrary code by constructing a specially crafted Web page. When a user views the Web page, the issue could allow remote code execution, potentially giving the attacker the same user rights as the logged-on user.

Recommendations For Microsoft Windows XP versions SP2 through SP3, consider disabling the Windows Messenger ActiveX control to minimize the risk of exploitation until a patch is available. Restrict access to web pages that could potentially exploit this issue to reduce the risk of remote code execution.