Here’s a disturbing report of a Cross-Site Scripting Vulnerability in Internet Explorer, from Secunia. Note that installing SP2 alone will not protect you from this problem, although it does offer a useful tool to fix it temporarily.
Clicking the test link on their page opens an IE window that contains their own content, with “https://www.paypal.com/” displayed in the Address bar and an authentic-looking SSL padlock icon in the status bar. (Clicking the test link in Firefox does nothing.)
This test page, of course, does nothing harmful. But if it were an actual phishing attack, it would be possible for a bad guy to convince you to give up personal information like a password or a credit card number in the mistaken belief that you were actually at a Web site belonging to your bank, PayPal, eBay, or another trusted site.
To protect yourself until a patch is released, do the following.
- From Internet Explorer, choose Tools, Manage Add-ons. (If you don’t see this menu choice, you don’t have SP2 installed, and you have bigger problems!)
- Scroll down the list and select DHTML Edit Control Safe for Scripting for IE5.
- Click Disable.
- Click OK to close the dialog box, and then restart IE.
Even if you normally use Firefox, I recommend that you take this precaution until a patch is available.
If you have an application that needs to use the DHTML Edit control, there’s a fix that allows this ActiveX control to be used safely, but it’s too complicated to list the instructions here. Leave a comment if you are in this situation.
If you use an earlier version of Windows, you should disable ActiveX.
Update: The DHTML Edit Control is in every version of Windows XP, but it won’t appear in your list of add-ons until it’s actually loaded by a page. Go to the Secunia test site and click the link to their test. After you do that, you can disable this control.
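As an added example (not from the original post), the PowerShell script below applies the same mitigation machine-wide by setting Internet Explorer's ActiveX "kill bit" for the control. The kill bit blocks IE from instantiating the control for every user, whether or not a page has already loaded it, and it does not depend on the SP2 Manage Add-ons dialog. The script looks the control up by the friendly name shown in the steps above rather than hard-coding a CLSID; the registry location and the 0x400 flag are Microsoft's documented kill-bit mechanism (KB 240797). It assumes an elevated PowerShell session on a 32-bit Windows XP-era system with IE installed.

```powershell
# Added example, not code from the original post.
# Sets the IE ActiveX kill bit for the DHTML Edit control, found by the
# friendly name that Manage Add-ons displays. Requires an elevated session.

$controlName = 'DHTML Edit Control Safe for Scripting for IE5'
$killBit     = 0x400   # Compatibility Flags bit that blocks instantiation in IE

# Find every registered COM class whose default value (friendly name) matches.
$clsids = Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
    Where-Object {
        $name = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).'(default)'
        $name -eq $controlName
    } |
    ForEach-Object { $_.PSChildName }

if (-not $clsids) {
    Write-Warning "No COM class named '$controlName' is registered on this machine."
    return
}

foreach ($clsid in $clsids) {
    $keyPath = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
    if (-not (Test-Path $keyPath)) {
        New-Item -Path $keyPath -Force | Out-Null
    }

    # Preserve any compatibility flags already present and OR in the kill bit.
    $current = (Get-ItemProperty -Path $keyPath -Name 'Compatibility Flags' `
                -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $current) { $current = 0 }

    New-ItemProperty -Path $keyPath -Name 'Compatibility Flags' -PropertyType DWord `
        -Value ($current -bor $killBit) -Force | Out-Null

    Write-Host "Kill bit set for $clsid ($controlName)"
}
```

Unlike the Disable button in Manage Add-ons, which is a per-user setting, the kill bit lives under HKEY_LOCAL_MACHINE and applies to everyone on the machine; to reverse it, clear the 0x400 bit in the same value. On 64-bit Windows the 32-bit control's class is registered under `Wow6432Node\CLSID`, and the kill-bit key has a matching `Wow6432Node` path, so the lookup would need to be adjusted there.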
Hmm, I don’t have “DHTML Edit Control Safe for Scripting for IE5” in my list.
See the update to my original post. The control’s there, but isn’t shown in the list until it’s actually used. Visit the test site and you’ll make it visible.
Thank you, it worked.
I read the article by C Arthur in the 19 Jan Independent. I did a silly thing and installed ActiveX, THINKING IT WAS THE RIGHT THING TO DO.
Can I deinstall it in any way, please?
Brian G Bartram
You’re going to have to be more specific. It’s impossible to “install ActiveX.” What exactly did you do, and why do you think you made a silly mistake?
If you clicked yes to an ActiveX prompt and installed a program you don’t want, you have several options. You can use System Restore, you can install MS AntiSpyware, you can use a third-party program like Ad-Aware or Spybot S&D…