CVE-2009-0551

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008

Description The issue arises from the improper handling of transition errors when requesting one HTTP document followed by another, allowing remote attackers to execute arbitrary code. This can occur through vectors involving multiple crafted pages on a web site or a web page with crafted inline content, such as banner advertisements. If successfully exploited, an attacker could gain the same user rights as the logged-on user, potentially taking complete control of an affected system if the user has administrative rights.

Recommendations For Microsoft Internet Explorer 6 SP1 on Windows XP SP2 and SP3, consider disabling JavaScript to minimize the risk of exploitation until a patch is available. For Microsoft Internet Explorer 6 and 7 on Windows XP SP2 and SP3, and Windows Server 2003 SP1 and SP2, restrict access to web pages with potentially crafted inline content. For Microsoft Internet Explorer 7 on Windows Vista Gold and SP1, and Windows Server 2008, avoid visiting specially crafted Web sites until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.