Select the product you need help with

Microsoft Security Advisory: Vulnerability in Internet Explorer could allow remote code execution

Article ID: 2488013 - View products that this article applies to.

INTRODUCTION

Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft website:

http://www.microsoft.com/technet/security/advisory/2488013.mspx

(http://www.microsoft.com/technet/security/advisory/2488013.mspx)

To have us fix this problem for you, go to the "Fix it for me" section.

Back to the top | Give Feedback

Fix it for me

The Fix it solution that is described in this section is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this Fix it solution as a workaround option for some scenarios.

For more information about this workaround, visit the following Microsoft Security Advisory webpage:

http://www.microsoft.com/technet/security/advisory/2488013.mspx

(http://www.microsoft.com/technet/security/advisory/2488013.mspx)

The advisory provides more information about the issue and includes the following:

The scenarios in which you might apply or disable the workaround
Mitigating factors
Workarounds
FAQ

Specifically, to see this information, look for the "Mitigating Factors and Suggested Actions" heading, and then expand the "Workaround" section.

Fix it solution for recursive cascading style sheets

This Fix it solution adds a check to check whether a cascading style sheet is about to be loaded recursively. If this is the case, the Fix it solution cancels the loading of the cascading style sheet. This Fix it solution takes advantage of a feature that is typically used for application compatibility fixes. This feature can modify the instructions of a specific binary when it is loaded. For more information about Custom Fix Databases, visit the following Microsoft websites:

Windows Vista and Windows 7 users: http://technet.microsoft.com/en-us/library/cc748912(WS.10).aspx
(http://technet.microsoft.com/en-us/library/cc748912(WS.10).aspx)
Windows XP users: http://technet.microsoft.com/en-us/library/bb456982.aspx
(http://technet.microsoft.com/en-us/library/bb456982.aspx)

To enable or disable this Fix it solution, click the Fix it button or link under the Enable heading or under the Disable heading. Click Run in the File Download dialog box, and then follow the steps in the Fix it Wizard.

Collapse this tableExpand this table

Enable	Disable
Fix this problem Microsoft Fix it 50591	Fix this problem Microsoft Fix it 50592

Known issues

The Fix it solution may cause some slight performance issues because of the increased checking that is required to block the loading of the CSS files.

Notes

This Fix it solution was updated February 01, 2011, to allow the LocalSystem account to install the Fix it solution.
Prior to 10:30 PM Pacific Time, 1/11/2011, the Fixit links on this page incorrectly pointed to the Fixit for KB2490606. If you installed the Fixit from this page prior to that time, you should install the Fixit using the current link in this article.
These wizards may be in English only. However, the automatic fixes also work for other language versions of Windows.
If you are not on the computer that has the problem, you can save the automatic fix to a flash drive or to a CD, and then you can run it on the computer that has the problem.
To use this Fix it solution, you must have security update 2416400 installed. Security update 2416400 was released on December 14, 2010 and is described in MSRC bulletin MS10-090.
This Fix it solution must be manually uninstalled before you apply a future Cumulative Security Update for Internet Explorer that contains a software fix for this vulnerability.

Back to the top | Give Feedback