This application requires Javascript for optimal performance.

MS.IE.HTML.Object.Memory.Corruption

Release Date

Jan 12, 2010

Severity

critical

Impact

System Compromise

Description

This indicates an attack attempt against a memory-corruption vulnerability in Microsoft Internet Explorer.

The vulnerability is caused by an error when the vulnerable software handles a specially crafted CSS style object. It allows a remote attacker to execute arbitrary code.

Affected Products

Microsoft Internet Explorer 6
Microsoft Internet Explorer 7

Recommended Actions

Apply the patch supplied by the vendor:
http://www.microsoft.com/technet/security/bulletin/ms09-072.mspx

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2009-3672

Reference/s

http://www.vupen.com/english/advisories/2009/3301
http://www.microsoft.com/technet/security/Bulletin/MS09-072.mspx (MS-ID)
http://www.securityfocus.com/bid/37085 (BugTraq)

Reference: VID-18021