CVE-2008-3475

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer version 6

Description The issue arises from improper error handling when using the componentFromPoint method on xml objects that have been incorrectly initialized or deleted, allowing remote attackers to execute arbitrary code via a crafted HTML document. This could enable an attacker to gain the same user rights as the logged-on user by constructing a specially crafted Web page.

Recommendations For Microsoft Internet Explorer version 6, as a temporary workaround, consider avoiding the use of the componentFromPoint method on xml objects until a patch is available. Restrict access to crafted HTML documents to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.