CVE-2008-4258

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 SP4 through 6 SP1

Description: A remote code execution issue exists due to improper validation of parameters during calls to navigation methods. This allows attackers to execute arbitrary code via a crafted HTML document, triggering memory corruption. An attacker could exploit this by constructing a specially crafted Web page, potentially gaining the same user rights as the logged-on user when a user views the Web page.

Recommendations: For Microsoft Internet Explorer versions 5.01 SP4 and 6 SP1, consider disabling navigation methods until a patch is available. Restrict access to specially crafted Web pages to minimize the risk of exploitation. Avoid using Internet Explorer to view untrusted Web pages until the issue is resolved.