Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
| Link | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2009/1028 | vdb entry |
| http://osvdb.org/53625 | vdb entry |
| http://www.us-cert.gov/cas/techalerts/TA09-104A.html | third party advisory us government resource |
| http://secunia.com/advisories/34678 | third party advisory |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5551 | signature vdb entry |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014 | vendor advisory |
| http://www.securitytracker.com/id?1022042 | vdb entry |
| http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm |