CVE-2009-0552

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 5.01 SP4, 6 SP1 Microsoft Internet Explorer version 6 on Windows XP SP2 and SP3 Microsoft Internet Explorer version 6 on Windows Server 2003 SP1 and SP2

Description The issue allows remote attackers to execute arbitrary code via a web page that triggers the presence of an object in memory that was not properly initialized or deleted. A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted web page, potentially gaining the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Internet Explorer versions 5.01 SP4 and 6 SP1, update to a newer version to mitigate the risk. For Microsoft Internet Explorer version 6 on Windows XP SP2 and SP3, update to a newer version to mitigate the risk. For Microsoft Internet Explorer version 6 on Windows Server 2003 SP1 and SP2, update to a newer version to mitigate the risk.