CVE-2011-1266

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 6 through 8

Description A remote code execution issue exists due to improper handling of objects in memory by the Vector Markup Language (VML) implementation in vgx.dll. This allows attackers to execute arbitrary code by accessing an object that was not properly initialized or has been deleted. The vulnerability can be exploited by constructing a specially crafted Web page, potentially leading to remote code execution when a user views the page. An attacker who successfully exploits this issue could gain the same user rights as the logged-on user.

Recommendations For Microsoft Internet Explorer versions 6 through 8, consider restricting access to Web pages that could potentially exploit this issue until a patch is available. As a temporary workaround, avoid viewing specially crafted Web pages that could trigger the remote code execution vulnerability. Restrict user rights to minimize the impact of potential exploitation.