Microsoft Security Advisory: Vulnerability in Internet Explorer could allow remote code execution

Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with Service Pack 2 (SP2). For more information, refer to this Microsoft web page: Support is ending for some versions of Windows.

INTRODUCTION

Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft Web site:

More Information

Two Fix it solutions are available:


  • Fix it solution for peer factory in iepeers.dll

    We have created an application compatibility database that will disable peer factory in the iepeers.dll binary for supported versions of Internet Explorer on Windows XP and Windows Server 2003.
    To install this application compatibility database, click the Fix it button in the "Fix it solution for peer factory in iepeers.dll" section.
  • Fix it solution for Data Execution Prevention

    We have created an application compatibility database that will enable Data Execution Prevention (DEP) for all versions of Internet Explorer that support DEP. You do not need this database if you are using Internet Explorer 8 on Windows XP Service Pack 3 (SP3) or on Windows Vista SP1 or later versions. This is because Internet Explorer 8 opts-in to DEP by default on these platforms.


    To install this application compatibility database, click the Fix it button in the "Fix it solution for Data Execution Prevention" section.

Fix it solution for peer factory in iepeers.dll


To apply the "Disable peer factory in iepeers.dll" automatically to supported versions of Windows XP and Windows Server 2003, click the Fix it button or link. Click Run in the File Download dialog box, and then follow the steps in the Fix it wizard.





To undo the fix and restore the original settings, click the Fix this problem link under the "Disable this fix" heading. Then, click Run in the File Download dialog box and follow the steps in the wizard.
Enable this fixDisable this fix

Notes
  • This wizard may be in English only. However, the automatic fix also works for other language versions of Windows.
  • If you are not on the computer that has the problem, you can save the automatic fix to a flash drive or to a CD, and then you can run it on the computer that has the problem.

Fix it solution for Data Execution Prevention

To enable or disable DEP automatically, click the
Fix itbutton or link. Click
Runin the
File Downloaddialog box, and then follow the steps in the Fix it wizard.
Enable Application Compatibility DatabaseDisable Application Compatibility Database
Notes
  • These wizards may be in English only. However, the automatic fixes also work for other language versions of Windows.
  • If you are not on the computer that has the problem, save the Fix it solutions to a flash drive or a CD and then run it on the computer that has the problem.
  • These wizards do not apply to Windows 2000-based operating systems because Windows 2000 does not support DEP.
  • For this workaround to be effective, your processor must support Hardware-enforced DEP. For more information about how to determine whether your system supports Hardware-enforced DEP click the following article number to view the article in the Microsoft Knowledge Base:
    912923 How to determine that hardware DEP is available and configured on your computer
Properties

Article ID: 981374 - Last Review: Jun 8, 2011 - Revision: 1

Feedback