CVE-2010-3346

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 6 through 8

Description The issue arises from improper handling of objects in memory, allowing remote attackers to execute arbitrary code by accessing an object that was not properly initialized or has been deleted, leading to memory corruption. A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page, potentially gaining the same user rights as the logged-on user. If successfully exploited, an attacker could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Internet Explorer versions 6 through 8, consider disabling access to specially crafted Web pages until a patch is available. Restrict user rights to minimize the risk of exploitation, as an attacker who successfully exploits this vulnerability could gain the same user rights as the logged-on user. Avoid viewing untrusted Web pages with Internet Explorer versions 6 through 8 to reduce the risk of remote code execution.