CVE-2010-0811

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer 8 Developer Tools versions in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1

Description The issue allows remote attackers to execute arbitrary code via unknown vectors that corrupt the system state. A remote code execution vulnerability exists in the ActiveX control, Microsoft Internet Explorer 8 Developer Tools, which could be exploited by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution, potentially giving an attacker the same user rights as the logged-on user.

Recommendations For Microsoft Internet Explorer 8 Developer Tools in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1, consider disabling the ActiveX control until a patch is available to prevent remote code execution. As a temporary workaround, restrict access to Web pages that could potentially exploit this vulnerability to minimize the risk of exploitation.