CVE-2009-1529

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer 7 for Windows XP SP2 and SP3 Microsoft Internet Explorer 7 for Server 2003 SP2 Microsoft Internet Explorer 7 for Vista Gold, SP1, and SP2 Microsoft Internet Explorer 7 for Server 2008 SP2

Description: The issue arises from the improper handling of objects in memory, allowing remote attackers to execute arbitrary code. This can be achieved by calling the setCapture method on a collection of crafted objects. An attacker could exploit this by constructing a specially crafted Web page. When a user views the Web page, the issue could allow remote code execution, potentially granting the attacker the same user rights as the logged-on user. If the user has administrative rights, the attacker could take complete control of the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations: For Microsoft Internet Explorer 7 for Windows XP SP2 and SP3, update to a newer version to mitigate the risk. For Microsoft Internet Explorer 7 for Server 2003 SP2, update to a newer version to mitigate the risk. For Microsoft Internet Explorer 7 for Vista Gold, SP1, and SP2, update to a newer version to mitigate the risk. For Microsoft Internet Explorer 7 for Server 2008 SP2, update to a newer version to mitigate the risk. As a temporary workaround, consider disabling the setCapture method until a patch is available.