Microsoft Internet Explorer STYLE Object Code Execution Vulnerability (977981)

Overview

A vulnerability in Microsoft Internet Explorer may allow remote code execution.

Microsoft Internet Explorer 6 and 7 allow remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element. Exploitation can be achieved via a specially crafted web page. Failed exploit attempts may result in an application crash (denial of service).

Attack Vector

Website with malicious content

User Interaction

User interaction is needed

Vendor Status

Responded, not patched

Vulnerable Systems

Internet Explorer 7 Windows XP Professional X64 Edition SP2

Timeline

2009-11-20

A proof of concept has been released.

2009-11-20

Vulnerability information has been publicly disclosed.

2009-11-21

Vulnerability information has been publicly disclosed.

2009-11-23

Vendor has provided information on the vulnerability.

Recommendations

McAfee is currently unaware of a vendor-supplied patch or update (11/23/2009).

Additional Resources

Microsoft Security Advisory (977981) Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/977981.mspx