CVE-2008-2258

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01, 6, and 7

Description: The issue allows remote attackers to cause a denial of service and execute arbitrary code via certain conditions related to document objects. A remote code execution vulnerability exists due to attempts to access uninitialized memory in certain situations, which could be exploited by constructing a specially crafted Web page. This could allow remote code execution, potentially giving an attacker the same user rights as the logged-on user.

Recommendations: For Microsoft Internet Explorer versions 5.01, 6, and 7, consider restricting access to specially crafted Web pages until a patch is available. As a temporary workaround, avoid using the affected document objects in a specific order with particular functions performed on them until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.