Vulnerability Note VU#515749
Microsoft Internet Explorer CSS style element vulnerability
Microsoft Internet Explorer (IE) does not safely reference CSS style elements. Using a specially crafted HTML page, an attacker can cause IE to crash and potentially execute arbitrary code.
IE contains a vulnerability in the way it references CSS style elements. Processing a specially crafted HTML page could cause IE to access an invalid memory location and crash. Using heap-spraying techniques, an attacker could leverage the crash to execute arbitrary code.
Please see Microsoft Security Advisory (977981).
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message), an attacker could execute arbitrary code with the privileges of the user.
A complete solution is not available.
Disable Active scripting
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||23 Nov 2009||24 Nov 2009|
CVSS Metrics (Learn More)
This vulnerability was publicly disclosed by firstname.lastname@example.org and/or K4mr4n_st@yahoo.com.
This document was written by Art Manion.
- CVE IDs: CVE-2009-3672
- Date Public: 20 Nov 2009
- Date First Published: 24 Nov 2009
- Date Last Updated: 27 Nov 2009
- Severity Metric: 29.25
- Document Revision: 15
If you have feedback, comments, or additional information about this vulnerability, please send us email.