CVE-2008-0077

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 6 SP1 through 7

Description A use-after-free issue allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, such as the by property of an animateMotion SVG element. This can be exploited through a specially crafted Web page, potentially allowing an attacker to gain the same user rights as the logged on user.

Recommendations For Microsoft Internet Explorer versions 6 SP1 through 7, consider disabling the use of SVG elements, specifically the animateMotion element, until a patch is available. Restrict access to Web pages that could potentially exploit this issue to minimize the risk of remote code execution.