Heiko Schultze

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 5.01 through 6 **Description** A vulnerability exists in the way Internet Explorer returns IOleClientSite information when an embedded object is dynamically created. This could cause Internet Explorer to run the object in the wrong security context or zone. An attacker could exploit this vulnerability by constructing a malicious Web page with a dynamically created object that makes use of the IOleClientSite information returned to make a security-related decision. This could potentially allow remote code execution or information disclosure if a user visited the malicious Web site. A successful exploitation could allow an attacker to take complete control of an affected system. **Recommendations** For Microsoft Internet Explorer versions 5.01 through 6, at the moment, there is no information about a newer version that contains a fix for this vulnerability.