1. Home
  2. Forums Index
  3. Browser Side / HTML 8:08 am May 1, 2026

Forum Moderators: open

Message Too Old, No Replies

Vulnerability in Internet Explorer 6 and 7

         

bill

2:31 am on Nov 25, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Microsoft Security Advisory (977981) [microsoft.com]
Vulnerability in Internet Explorer Could Allow Remote Code Execution

Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 and Internet Explorer 8 on all supported versions of Microsoft Windows are not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 are affected.

The vulnerability exists as an invalid pointer reference of Internet Explorer. It is possible under certain conditions for a CSS/Style object to be accessed after the object is deleted. In a specially-crafted attack, Internet Explorer attempting to access a freed object can lead to running attacker-supplied code.

tedster

3:27 am on Nov 25, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Apparently nothing has been seen in the wild at all. MS reports that they noticed a vulnerability and may soon issue a patch for it in their monthlies. I'm curious about why they would publish this information, even as general as it is.

bill

7:31 am on Nov 25, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Could they be using this to urge people to update?
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Browser Side / HTML 8:08 am May 1, 2026