PT-2009-3203 · Microsoft · Windows Server 2008+4

Skylined · Published 2009-04-15 · Updated 2025-01-21 · CVE-2009-0554

CVSS v3.1

8.8 High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft Internet Explorer versions 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008

Description

A remote code execution issue exists in the way Internet Explorer accesses an object that has not been initialized or has been deleted. An attacker could exploit this by constructing a specially crafted web page. When a user views the web page, it could allow remote code execution, potentially giving the attacker the same user rights as the logged-on user.

Recommendations

For Microsoft Internet Explorer 5.01 SP4, consider applying the relevant security update to resolve the issue. For Microsoft Internet Explorer 6 SP1, apply the relevant security update to fix the vulnerability. For Microsoft Internet Explorer 6 and 7 on Windows XP SP2 and SP3, Windows Server 2003 SP1 and SP2, Windows Vista Gold and SP1, and Windows Server 2008, apply the relevant security update to resolve the issue. As a temporary workaround, consider restricting access to web pages from untrusted sources until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2009-0554

Affected Products

Internet Explorer
Windows Server 2003
Windows Server 2008
Windows Vista
Windows XP