Microsoft
Internet Explorer Uninitialized Remote Code Execution Vulnerability
Date Discovered:
12/08/2009
Severity:
High
Applications
Affected:
Microsoft Internet
Explorer 7
Microsoft Internet
Explorer 8
Type:
Remote
Identifiers:
CVE-2009-3673
Synopsis
Microsoft
Internet Explorer is prone to remote code execution vulnerability. This
vulnerability exists in the way that Internet Explorer accesses an
object that has not been correctly initialized or has been deleted.
A
remote code execution vulnerability exists in the way that Internet
Explorer accesses an object that has not been correctly initialized or
has been deleted.
When Internet Explorer attempts to access an object that has not been
initialized or has been deleted, it may corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the
logged-on user.
An attacker could exploit the vulnerability by constructing a specially
crafted Web page. When a user views the Web page, the vulnerability
could allow remote code execution.
An attacker who successfully exploited this vulnerability could take
complete control of an affected system. An attacker could then install
programs, view, change, delete data, or create new accounts with full
user rights.
