CVE-2009-1532

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer 8 for Windows XP SP2 and SP3 Microsoft Internet Explorer 8 for Server 2003 SP2 Microsoft Internet Explorer 8 for Vista Gold, SP1, and SP2 Microsoft Internet Explorer 8 for Server 2008 SP2

Description: A remote code execution issue exists due to improper handling of objects in memory. This allows remote attackers to execute arbitrary code via malformed row property references, triggering access to an object that was not properly initialized or is deleted, leading to memory corruption. An attacker could exploit this by constructing a specially crafted Web page, potentially gaining the same user rights as the logged-on user. If the user has administrative rights, the attacker could take complete control of the affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations: For Microsoft Internet Explorer 8 on all affected platforms, update to a version that properly handles objects in memory to prevent remote code execution. As a temporary workaround, consider restricting access to specially crafted Web pages that could exploit the memory corruption issue until a patch is available. Avoid using Internet Explorer 8 for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.