the corrupted VTABLE address is not a mappable userland address.
IV. DETECTION
iDefense confirmed the existence of this vulnerability in Internet
Explorer versions 6 and 7. Internet Explorer versions 5 and 8 do not
appear to be affected.
V. WORKAROUND
Disabling Active Scripting will prevent this vulnerability from being
interaction is needed.
IV. DETECTION
iDefense has confirmed the existence of this vulnerability in Internet
Explorer versions 6, 7, and 8. Internet Explorer 5 does not appear to
be vulnerable.
V. WORKAROUND
Since this vulnerability is triggered through script code, disabling
=====
Critical
Affected Software:
==================
For a list of Internet Explorer versions affected, please see the Microsoft Security Advisory reference below.
Additional Information:
=======================
In order to compromise a system / remotely execute code, an attacker would lure a user to a maliciously crafted website. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
. 2010-07-02:
Vendor informs Core that the IE team has finished the investigation into
this issue and was able to reproduce the issue reported. During the
investigation it was determined that this is an exploitable crash in
Internet Explorer. Vendor will send Core the list of affected Internet
Explorer versions when available.
. 2010-07-02:
Core acknowledges receipt of the update, and reminds the vendor that,
although the vulnerable code is owned by the IE team, this also affects Office
(including 2010). Core offers to postpone publication of its advisory
social engineering or injecting content into compromised, trusted
sites.
IV. DETECTION
Internet Explorer versions 6 and 7 are vulnerable.
V. WORKAROUND
Since the vulnerability is triggered through JavaScript, disabling
Active Scripting will prevent the exploitation of this vulnerability.
There is a vulnerability in Internet Explorer which enables execution
of arbitrary code if the user visits a web page controlled by the
attacker. The vulnerability is caused by a use-after-free bug
triggered by accessing a previously deleted Option element. This
vulnerability has been observed in Internet Explorer versions 6, 7 and
8. The vulnerability was patched by Microsoft on October 11,
2011.
II. THE BUG