Vulnerability Note VU#492515
Microsoft Internet Explorer HTML object memory corruption vulnerability
An invalid pointer reference within Microsoft Internet Explorer may lead to execution of arbitrary code.
Microsoft Internet Explorer contains a memory corruption vulnerability, which can result in an invalid pointer being accessed after an object is incorrectly initialized or has been deleted. In certain circumstances, the invalid pointer access can be leveraged by an attacker to execute arbitrary code. This vulnerability is being actively exploited, and exploit code is publically available.
Please see Microsoft Security Advisory 979352 for further information.
By convincing a user to load a specially crafted HTML document or Microsoft Office document, a remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition.
Apply an update
Enable Data Execution Prevention (DEP) on Internet Explorer 6 or Internet Explorer 7
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||14 Jan 2010|
CVSS Metrics (Learn More)
This vulnerability was reported by Microsoft. Microsoft credits Google Inc., MANDIANT, Adobe, and McAfee.
This document was written by David Warren.
- CVE IDs: CVE-2010-0249
- Date Public: 14 Jan 2010
- Date First Published: 14 Jan 2010
- Date Last Updated: 21 Jan 2010
- Severity Metric: 41.04
- Document Revision: 63
If you have feedback, comments, or additional information about this vulnerability, please send us email.