MS.IE.HTML.Object.Memory.Corruption

Last Updated DateMar 09, 2010
Release DateJan 12, 2010
SeverityCritical
ImpactSystem Compromise
DescriptionThis indicates an attack attempt against a memory-corruption vulnerability in Microsoft Internet Explorer.

The vulnerability is caused by an error when the vulnerable software handles a specially crafted CSS style object. It allows a remote attacker to execute arbitrary code.
Affected ProductsMicrosoft Internet Explorer 6
Microsoft Internet Explorer 7
Recommended ActionsApply the patch supplied by the vendor:
http://www.microsoft.com/technet/security/bulletin/ms09-072.mspx
Common Vulnerabilities and Exposures (CVE)http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3672
Microsoft Bulletin IDMS09-072   http://www.microsoft.com/technet/security/Bulletin/MS09-072.mspx
Reference/shttp://www.securityfocus.com/bid/37085 (BugTraq)
http://www.vupen.com/english/advisories/2009/3301
Reference: VID-18021