An invalid pointer reference within Microsoft Internet Explorer may lead to execution of arbitrary code.
Microsoft Internet Explorer contains a memory corruption vulnerability, which can result in an invalid pointer being accessed after an object is incorrectly initialized or has been deleted. In certain circumstances, the invalid pointer access can be leveraged by an attacker to execute arbitrary code. This vulnerability is being actively exploited, and exploit code is publically available.
Please see Microsoft Security Advisory 979352 for further information.
By convincing a user to load a specially crafted HTML document or Microsoft Office document, a remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition.
Apply an update
Enable Data Execution Prevention (DEP) on Internet Explorer 6 or Internet Explorer 7
This vulnerability was reported by Microsoft. Microsoft credits Google Inc., MANDIANT, Adobe, and McAfee.
This document was written by David Warren.
|Date First Published:||2010-01-14|
|Date Last Updated:||2010-01-21 21:14 UTC|