About the same time Jelmer found the adodb bug, http-equiv found a similiar issue with the object "Shell.Application". This issue has also been unfixed for the past ten months. Unfortunately, Microsoft has not taken the "hint" and not fixed this issue either. Jelmer has noted this and made a proof of concept exploit page here: http://62.131.86.111/security/idiots/malware2k/installer.htm The below registry file will protect you from this exploit by kill biting "Shell.Application" variant. <-------------------------------------------> Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{13709620-C279-11CE-A49E-444553540000}] "Compatibility Flags"=dword:00000400 <--------------------------------------------> I will be updating our free fix download here: http://www.eeye.com/html/research/alerts/AL20040610.html This will break some hta scripts that might be used for management. It may cause some incompatibility issues with some programs. Shell.Application is commonly used by administrators for administration of systems via Visual basic script or WSH. It may have other uses. It is kind of Microsoft's answer to shell script -- though not as happy as batch.