PT-2009-4027 · Microsoft · Vista+5

Wushi · Published 2009-06-10 · Updated 2023-12-07 · CVE-2009-1530

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Microsoft Internet Explorer 7 for Windows XP SP2 and SP3
Microsoft Internet Explorer 7 for Server 2003 SP2
Microsoft Internet Explorer 7 for Vista Gold, SP1, and SP2
Microsoft Internet Explorer 7 for Server 2008 SP2
Description: A use-after-free issue allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers access to an object that was not properly initialized or has been deleted. This could allow an attacker to gain the same user rights as the logged-on user, potentially taking complete control of an affected system if the user has administrative rights.
Recommendations: For Microsoft Internet Explorer 7 on all affected platforms, update to a version that addresses this issue to prevent exploitation. As a temporary workaround, consider restricting access to specially crafted Web pages that could trigger the vulnerability until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2009-1530

Affected Products

Internet Explorer
Internet Explorer 7
Server 2003
Server 2008
Vista
Windows XP