CVE-2007-0946

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer 7 versions on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista

Description: The issue allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in memory corruption. Several remote code execution vulnerabilities exist due to attempts to access uninitialized memory in certain situations. An attacker could exploit these vulnerabilities by constructing a specially crafted Web page, potentially allowing remote code execution and complete control of an affected system.

Recommendations: For Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista, consider restricting access to crafted HTML objects until a patch is available. As a temporary workaround, avoid viewing specially crafted Web pages with Internet Explorer 7 on these operating systems until the issue is resolved.