PT-2010-2253 · Microsoft · Internet Explorer

Simon Zuckerbraun · Published 2010-01-01 · Updated 2024-10-21 · CVE-2010-0492

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Internet Explorer 8

Description

A use-after-free issue allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption. This occurs when Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit this by constructing a specially crafted Web page, potentially gaining the same user rights as the logged-on user. If the user has administrative rights, the attacker could take complete control of the system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations

For Microsoft Internet Explorer 8, consider disabling the TIME2 behavior as a temporary workaround until a patch is available. Restrict access to specially crafted Web pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2010-0492
ZDI-10-033

Affected Products

Internet Explorer