CVE-2008-2254

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 6 through 7

Description: A remote code execution issue exists due to attempts to access uninitialized memory in certain situations. An attacker could exploit this by constructing a specially crafted Web page. When a user views the Web page, it could allow remote code execution, potentially leading to a denial of service (crash). An attacker who successfully exploits this could gain the same user rights as the logged-on user.

Recommendations: For Microsoft Internet Explorer versions 6 and 7, consider restricting access to specially crafted Web pages until a patch is available. As a temporary workaround, avoid viewing untrusted Web pages with Internet Explorer versions 6 and 7 to minimize the risk of exploitation.