A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. Versions 6 and 7 are affected.
8cb8edb63c2fb5f85f11ceb1a52da4bf15efbde6280976b3fa61368ea4ecfc4f
iDefense Security Advisory 02.12.08 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer web browser allows attackers to execute arbitrary code within the context of the affected user. When certain properties are assigned malformed values, memory can be corrupted in a way that leads to Internet Explorer making a call to a member function of an already released property object. If the memory location of the released property object happens to be filled by attacker controlled content, the attacker can execute arbitrary code. iDefense testing shows that Internet Explorer 6.0 and Internet Explorer 7.0, with all available security patches as of October 22nd, 2007, are vulnerable. Older versions of Internet Explorer may also be vulnerable.
cb84e9245e55d2a2c47e77f12aecf8560df63b3fdffffa624ec9996d05b17bb9