CVE-2009-2655

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 7 through 8

Description The issue allows remote attackers to cause a denial of service, resulting in an application crash. This is achieved by calling the JavaScript findText method with a crafted Unicode string in the first argument and only one additional argument. For example, a second argument of -1 can be used to demonstrate this issue.

Recommendations For Microsoft Internet Explorer versions 7 and 8, consider disabling JavaScript as a temporary workaround until a patch is available. Restrict access to potentially malicious websites to minimize the risk of exploitation.