CVE-2010-0249

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 6 through 8

Description The issue allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory. This has been exploited in the wild during Operation Aurora. An attacker could exploit the vulnerability by constructing a specially crafted Web page, potentially gaining the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Internet Explorer versions 6 through 8, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to Web pages from untrusted sources until a patch is available. Avoid viewing specially crafted Web pages that could exploit the vulnerability.