A code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an invalid pointer reference being used after an object is deleted. This vulnerability may be exploited by remote unauthenticated attackers to execute arbitrary code on the target machine by enticing a user into opening a specially crafted HTML document.

In attack scenarios where code execution is successful the behaviour of the target machine would depend entirely on the intention of the injected code, which would run within the security context of the logged on user. In situations where code execution is not successful, the vulnerable application may terminate abnormally, leading to a denial of service condition.

The vendor, Microsoft, has released patches to address this vulnerability:

http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx

• Microsoft Internet Explorer 6
• Microsoft Internet Explorer 7
• Microsoft Windows 2000 SP 4
• Microsoft Windows Server 2008
• Microsoft Windows Vista
• Microsoft Windows XP
• Microsoft Windows Server 2003

• Access vector is NETWORK
• Access complexity is MEDIUM
• Level of authentication required is NONE
• Impact of this vulnerability on data confidentiality is PARTIAL
• Impact of this vulnerability on data integrity is PARTIAL
• Impact of this vulnerability on data availability is PARTIAL

• The exploitability level of this vulnerability is FUNCTIONAL
• The remediation level of this vulnerability is WORKAROUND
• The report confidence level of this vulnerability is CONFIRMED