PT-2009-4379 · Microsoft · Internet Explorer

Peter Vreugdenhil · Published 2009-07-29 · Updated 2023-12-07 · CVE-2009-1919

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 SP4 through 8
Description: The issue arises from the improper handling of attempts to access deleted objects in memory, allowing remote attackers to execute arbitrary code via an HTML document containing embedded style sheets. A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page, potentially gaining the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
Recommendations: For Microsoft Internet Explorer versions 5.01 SP4 through 8, consider disabling the use of embedded style sheets in HTML documents until a patch is available. Restrict access to Web pages that could potentially exploit this issue to minimize the risk of remote code execution.

Fix · RCE · Code Injection

Weakness Enumeration

Related Identifiers: CVE-2009-1919

Affected Products: Internet Explorer