-{ Quote: "One of the patches fixes a critical flaw found in Windows XP and Windows Server 2003 systems that also have Internet Explorer 7 installed. This vulnerability is not present in Windows Vista. For more than a month now, cyber criminals have been blasting out spam e-mails containing malicious links or Adobe PDF documents that try to install spyware programs when users click the links or open the files." }-Brian Krebs (http://blog.washingtonpost.com/securityfix/2007/11/microsoft_plugs_critical_windo.html)

I don't use IE 7, so I guess I have nothing to worry about? ???

-{ Quote: "Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7. However, the vulnerability exists in a Windows file, Shell32.dll, which is included in all supported editions of Windows XP and Windows Server 2003." }-http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx

If the problem exists with all versions of Windows XP, then why was mention made of IE 7? Not everyone with XP uses IE 7. Or is MS still in the delusional state of "integrating" the browser with the OS again? ::)

Hello,

Found this in the MS advisory on their page:

http://www.microsoft.com/technet/security/Bulletin/MS07-061.mspx

Toward the middle:

Microsoft has not identified a way to exploit this vulnerability on any Windows operating system that is running Internet Explorer 6

Hope this helps ...

Mrk

-{ Quote: "If the problem exists with all versions of Windows XP, then why was mention made of IE 7? Not everyone with XP uses IE 7." }-
IE6 discards the malformed commands, IE7 has a bug and pass bad commands to Shell32.dll, but this DLL is equally flawed no matter the version of your browser.