PT-2011-2285 · Microsoft · Internet Explorer

Michal Zalewski · Published 2011-01-07 · Updated 2024-10-21 · CVE-2011-0346

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Internet Explorer versions 6 through 8

Description

The issue allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to the DOM implementation. An attacker could exploit this by constructing a specially crafted Web page, potentially gaining the same user rights as the logged-on user. If the user has administrative rights, the attacker could take complete control of the affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations

For Microsoft Internet Explorer versions 6 through 8, consider disabling the BreakAASpecial and BreakCircularMemoryReferences functions as a temporary workaround until a patch is available. Restrict access to potentially vulnerable DOM implementations to minimize the risk of exploitation. Avoid viewing specially crafted Web pages that could trigger the arbitrary code execution.

Fix

RCE

DoS

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2011-0346

Affected Products

Internet Explorer