PT-2008-3014 · Microsoft · Internet Explorer

Peter Vreugdenhil +1 · Published 2008-06-11 · Updated 2018-10-12 · CVE-2008-1442

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 6 through 7

Description: A heap-based buffer overflow issue exists, related to the manipulation of a DOM object before a call to the substringData method, allowing remote attackers to execute arbitrary code. This issue is related to the way Internet Explorer displays a Web page that contains certain unexpected method calls to HTML objects. An attacker could exploit this by constructing a specially crafted Web page, potentially allowing remote code execution and gaining the same user rights as the logged-on user.

Recommendations: For Internet Explorer version 6, update to a version that is not affected by this issue. For Internet Explorer version 7, update to a version that is not affected by this issue. As a temporary workaround, consider restricting access to Web pages that contain unexpected method calls to HTML objects until a patch is available.

Fix

RCE

Buffer Overflow

Weakness Enumeration

Related identifiers

CVE-2008-1442

Affected products

Internet Explorer