Internet Explorer IFRAME Buffer Overflow Vulnerability
ronjor
November 3rd, 2004, 11:56 AM
Secunia (http://secunia.com/advisories/12959/)
Extremely critical
The vulnerability does not affect systems running Windows XP with SP2 installed.
Successful exploitation does not normally require any user interaction, and code is already "in the wild" rather than in a controlled environment.
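The advisory above does not spell out how the flaw is reached, but the vulnerable parsing is triggered by abnormally long attribute values on IFRAME (and related FRAME/EMBED) tags, so the simplest defensive check a proxy or content filter could apply at the time was to flag markup carrying such oversized values. The scanner below is an added example, not code from this thread, from Secunia or from Prevx; the attribute names it watches (SRC and NAME), the 1024-character threshold and the two sample pages are this example's own assumptions, constructed so it runs offline.

```python
"""Heuristic scanner for overlong IFRAME/FRAME/EMBED attributes.

Added example, not part of the original thread. The attribute names
(src/name) and the length threshold are assumptions chosen to flag the
oversized strings an exploit page for this class of bug would need
while letting ordinary markup through.
"""
from html.parser import HTMLParser

SUSPECT_TAGS = {"iframe", "frame", "embed"}
SUSPECT_ATTRS = {"src", "name"}
MAX_ATTR_LEN = 1024  # assumption: legitimate URLs and frame names are far shorter


class OverlongAttrScanner(HTMLParser):
    """Collect start tags whose watched attributes exceed max_len characters."""

    def __init__(self, max_len=MAX_ATTR_LEN):
        super().__init__(convert_charrefs=True)
        self.max_len = max_len
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser already lowercases tag and attribute names.
        if tag not in SUSPECT_TAGS:
            return
        for name, value in attrs:
            if value is None:  # bare attribute such as <iframe hidden>
                continue
            if name in SUSPECT_ATTRS and len(value) > self.max_len:
                self.findings.append({
                    "tag": tag,
                    "attr": name,
                    "length": len(value),
                    "line": self.getpos()[0],  # line where the tag starts
                })


def scan_html(html, max_len=MAX_ATTR_LEN):
    """Return a list of findings (dicts) for the given HTML document."""
    scanner = OverlongAttrScanner(max_len)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample pages (not real exploit code): one ordinary page and
# one whose IFRAME carries SRC and NAME values far longer than any real URL.
BENIGN_PAGE = (
    '<html><body><iframe src="http://example.com/news" name="news">'
    '</iframe></body></html>'
)
SUSPICIOUS_PAGE = (
    '<html><body>\n'
    '<iframe src="' + "A" * 2000 + '" name="' + "B" * 1500 + '"></iframe>\n'
    '</body></html>'
)

if __name__ == "__main__":
    for label, page in (("benign", BENIGN_PAGE), ("suspicious", SUSPICIOUS_PAGE)):
        hits = scan_html(page)
        print(f"{label}: {len(hits)} finding(s)")
        for h in hits:
            print(f"  line {h['line']}: <{h['tag']} {h['attr']}=...> length {h['length']}")
```

A length check of this kind is a coarse signature rather than a fix: it catches the obvious oversized strings but says nothing about what the browser does with them, so it belongs in front of unpatched clients only until the vendor update (or, per the advisory, XP SP2) is in place.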
FluxGFX
November 3rd, 2004, 12:13 PM
The IFRAME is quite interesting when used in that fashion. But IFRAMEs are less and less used nowadays.
dvk01
November 3rd, 2004, 01:38 PM
A very easy cure, apart from stopping using IE, is to use prevx (https://www.prevx.com/homeoffice/homeoffice_homedownload.htm), which is supposed to prevent all known forms of buffer overflow in NT-based systems.
still_longhorn
November 4th, 2004, 07:20 PM
A vulnerability in Explorer (Win98 & older versions of NT) that may allow script code to be executed in the Local Zone. When an IFRAME in a dialog changes its location or Zone, the dialogArguments object provided by the calling content should not be accessible. The dialogArguments object is accessible despite the fact that its originating location/Zone is different from the parent's.
A demonstration is available at:
http://www16 .brinkster.com/liudieyu/BadParent/BadParent-MyPage.htm
Fortunately, disabling scripting is a workaround.
Rasheed187
November 6th, 2004, 11:09 AM
It would be cool if someone could test the POC with PrevX, since they claim it will stop buffer overflows. I'm not using PrevX yet btw, but this is a great chance for them to convince people of PrevX's potential powerful protection.
still_longhorn
November 6th, 2004, 03:01 PM
Quote: a very easy cure apart from stopping using IE is to use prevx (https://www.prevx.com/homeoffice/homeoffice_homedownload.htm) which is supposed to prevent all known forms of buffer overflow in NT based systems
I never did like cure-alls! I think in the early 1900s they were referred to as "Snake Oil." prevx obviously has its uses; that is why it has quite a following. But a "cure-all"? IMO there are simply too many unknowns due to design errors, failure to handle exceptional conditions, access validation errors, boundary condition errors, etc. for a single utility like prevx to be a cure-all.
Copyright ©2002 - 2010, Wilders Security Forums