Microsoft Windows Knowledge Base Article 969897 update is not installed (WinMs09kb969897Update)

Vuln ID: 50776
Risk Level: High risk vulnerability
Platforms: Microsoft Internet Explorer: 6.0, Microsoft Internet Explorer: 6.0 SP1, Microsoft Windows 2000: SP4, Microsoft Windows XP: SP2, Microsoft Internet Explorer: 7.0, Microsoft Windows Vista, Microsoft Windows Server 2003: SP2, Microsoft Windows Server 2003: SP2 Itanium, Microsoft Windows Server 2003: SP2 x64, Microsoft Windows Vista: x64, Microsoft Windows XP: SP2 x64 Professional, Microsoft Windows Vista: SP1, Microsoft Windows Vista: SP1 x64, Microsoft Internet Explorer: 5.0.1 SP4, Microsoft Internet Explorer: 8.0, Microsoft Windows Server 2008: Itanium, Microsoft Windows Server 2008: x32, Microsoft Windows Server 2008: x64, Microsoft Windows XP: SP3, Microsoft Windows Vista: SP2 x64, Microsoft Windows Vista: SP2, Microsoft Windows Server 2008: SP2 x32, Microsoft Windows Server 2008: SP2 x64, Microsoft Windows Server 2008: SP2 Itanium
Description:

Microsoft Knowledge Base Article 969897 is not installed, which could allow a remote attacker to exploit the following vulnerabilities:

Microsoft Internet Explorer could allow a remote attacker to bypass cross-domain security restrictions, caused by a race condition when updating pages across domains. By persuading a victim to visit a specially-crafted Web site, a remote attacker could bypass same-origin policy restrictions to gain unauthorized access to other domains and obtain sensitive information from the system.

Microsoft Internet Explorer could allow a remote attacker to bypass cross-domain security restrictions, caused by an error when rendering cached content. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to bypass cross-domain security restrictions and view content from the local computer or another browser window in another domain or Internet Explorer zone.

Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system when file and printer sharing is enabled, caused by a memory corruption error when handling DHTML objects. By persuading a victim to visit a specially-crafted Web page that contains certain unexpected method calls to HTML objects, an attacker could exploit this vulnerability to execute arbitrary code with privileges of the victim.

Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system when file and printer sharing is enabled, caused by a memory corruption error when handling HTML objects. By persuading a victim to visit a specially-crafted Web page, an attacker could exploit this vulnerability to execute arbitrary code with privileges of the victim.

Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error when handling certain objects. By persuading a victim to visit a specially-crafted Web page that attempts to access an object that has not been initialized or has been deleted, an attacker could exploit this vulnerability to execute arbitrary code with privileges of the victim.

Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error when handling HTML objects that have not been correctly initialized or have been deleted. By persuading a victim to visit a specially-crafted Web page, an attacker could exploit this vulnerability to execute arbitrary code with privileges of the victim.

Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error when handling HTML objects that have not been correctly initialized or have been deleted. By persuading a victim to visit a specially-crafted Web page, an attacker could exploit this vulnerability to execute arbitrary code with privileges of the victim.

Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error when handling HTML objects that have not been correctly initialized or have been deleted. By persuading a victim to visit a specially-crafted Web page, an attacker could exploit this vulnerability to execute arbitrary code with privileges of the victim.

Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS09-019. See References.

False Positives:
False Negatives:
Required Permission: Windows login
Additional Information:

References:

Microsoft Security Bulletin MS09-019
Cumulative Security Update for Internet Explorer (969897)
http://www.microsoft.com/technet/security/bulletin/ms09-019.mspx

IBM Internet Security Systems X-Force Database
Microsoft Internet Explorer page update cross-domain security bypass
http://xforce.iss.net/xforce/xfdb/34696

IBM Internet Security Systems X-Force Database
Microsoft Internet Explorer cached data cross-domain security bypass
http://xforce.iss.net/xforce/xfdb/50769

IBM Internet Security Systems X-Force Database
Microsoft Internet Explorer HTML code execution
http://xforce.iss.net/xforce/xfdb/50771

IBM Internet Security Systems X-Force Database
Microsoft Internet Explorer object access code execution
http://xforce.iss.net/xforce/xfdb/50772

IBM Internet Security Systems X-Force Database
Microsoft Internet Explorer object access code execution
http://xforce.iss.net/xforce/xfdb/50773

IBM Internet Security Systems X-Force Database
Microsoft Internet Explorer HTML objects code execution
http://xforce.iss.net/xforce/xfdb/50774

IBM Internet Security Systems X-Force Database
Microsoft Internet Explorer HTML objects code execution
http://xforce.iss.net/xforce/xfdb/50775

IBM Internet Security Systems X-Force Database
Microsoft Internet Explorer DHTML code execution
http://xforce.iss.net/xforce/xfdb/50770

ISS X-Force
Microsoft Windows Knowledge Base Article 969897 update is not installed
http://www.iss.net/security_center/static/50776.php

CVE CVE-2007-3091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3091

CVE CVE-2009-1140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1140

CVE CVE-2009-1141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1141

CVE CVE-2009-1528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1528

CVE CVE-2009-1529
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1529

CVE CVE-2009-1530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1530

CVE CVE-2009-1531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1531

CVE CVE-2009-1532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1532

