The advisory stated, in part, that the vulnerability exists as an invalid pointer reference within Internet Explorer, and that in a specially crafted attack, Internet Explorer can be made to allow remote code execution when it attempts to access a freed object.
The following versions of Internet Explorer are affected: Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected.
However, Protected Mode in Internet Explorer on Windows Vista and later Windows operating systems limits the impact of the vulnerability, according to the report.
Microsoft, for its part, has disclosed plans to provide a solution through its monthly security update release process or an out-of-cycle security update, with the next scheduled Microsoft Patch Tuesday falling on 9th February.