CVE-2008-1085

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 5.01 SP4 through 7

Description A use-after-free issue allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption. This can be achieved by constructing a specially crafted Web page that exploits the way Internet Explorer processes data streams. If successfully exploited, an attacker could gain the same user rights as the logged on user.

Recommendations For Microsoft Internet Explorer versions 5.01 SP4 through 7, consider restricting access to untrusted web pages until a fix is available. As a temporary workaround, avoid using Internet Explorer to view potentially malicious web content. At the moment, there is no information about a newer version that contains a fix for this vulnerability.