CVE-2008-2257

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01, 6, and 7

Description: The issue allows remote attackers to cause a denial of service and execute arbitrary code via certain conditions related to a document object. A remote code execution vulnerability exists due to attempts to access uninitialized memory in certain situations, which could be exploited by constructing a specially crafted Web page. This could allow remote code execution, potentially giving an attacker the same user rights as the logged-on user.

Recommendations: For Microsoft Internet Explorer versions 5.01, 6, and 7, consider avoiding the use of specific document objects that may trigger the memory corruption until a fix is available. As a temporary workaround, restrict access to specially crafted Web pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.