CVE-2007-3041

Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 5.01, 6 SP1, and 7

Description: The issue allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption. A remote code execution vulnerability exists in the ActiveX object, pdwizard.ocx, which could be exploited by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution, potentially giving an attacker the same user rights as the logged on user.

Recommendations: For Internet Explorer versions 5.01, 6 SP1, and 7, consider disabling the pdwizard.ocx ActiveX object as a temporary workaround until a patch is available. Restrict access to Web pages that could potentially exploit this vulnerability to minimize the risk of exploitation.