CVE-2010-3331

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 6 through 8

Description A remote code execution issue exists due to improper handling of objects in memory when using Microsoft Word to read Word documents. This allows attackers to execute arbitrary code by accessing an object that was not properly initialized or has been deleted, leading to memory corruption. An attacker could exploit this by convincing a user to view a specially crafted Word document, potentially gaining the same user rights as the logged-on user. If the user has administrative rights, the attacker could take complete control of the system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Internet Explorer versions 6 through 8, consider restricting the use of Microsoft Word to read Word documents until a patch is available. As a temporary workaround, avoid viewing specially crafted Word documents to minimize the risk of exploitation.