PT-2008-3751 · Microsoft · Internet Explorer

Tavis Ormandy · Published 2008-08-13 · Updated 2021-07-23 · CVE-2008-2256

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01, 6, and 7
Description: The software improperly handles objects that have not been correctly initialized or that have been deleted. A remote attacker could exploit this by constructing a specially crafted Web page; when a user views the page, the attacker could cause a denial of service and potentially execute arbitrary code, gaining the same user rights as the logged-on user.
Recommendations: For Microsoft Internet Explorer versions 5.01, 6, and 7, consider restricting access to specially crafted Web pages until a patch is available. As a temporary workaround, avoid viewing untrusted Web pages with these versions of Internet Explorer until the issue is resolved.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2008-2256

Affected Products

Internet Explorer