CVE-2009-1531

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer 7 for Windows XP SP2 and SP3 Microsoft Internet Explorer 7 for Server 2003 SP2 Microsoft Internet Explorer 7 for Vista Gold, SP1, and SP2 Microsoft Internet Explorer 7 for Server 2008 SP2

Description: A remote code execution issue exists due to the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. This could be exploited by an attacker constructing a specially crafted Web page. When a user views the Web page, it could allow remote code execution, potentially giving the attacker the same user rights as the logged-on user. If the user has administrative rights, the attacker could take complete control of the system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations: For Microsoft Internet Explorer 7 on all affected platforms, consider restricting access to web pages that could potentially exploit this issue until a patch is available. As a temporary workaround, avoid using the getElementsByTagName function in combination with the creation of objects during reordering of elements, followed by an onreadystatechange event, until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.