Microsoft Windows Knowledge Base Article 978207 update is not installed (WinMs10kb978207Update)

Vuln ID: 55779
Risk Level: High risk vulnerability
Platforms: Microsoft Internet Explorer: 5.01, Microsoft Internet Explorer: 6.0, Microsoft Internet Explorer: 6.0 SP1, Microsoft Windows 2000: SP4, Microsoft Windows XP: SP2, Microsoft Internet Explorer: 7.0, Microsoft Windows Vista, Microsoft Windows Server 2003: SP2, Microsoft Windows Server 2003: SP2 Itanium, Microsoft Windows Server 2003: SP2 x64, Microsoft Windows Vista: x64, Microsoft Windows XP: SP2 x64 Professional, Microsoft Windows Vista: SP1, Microsoft Windows Vista: SP1 x64, Microsoft Internet Explorer: 8.0, Microsoft Windows Server 2008: Itanium, Microsoft Windows Server 2008: x32, Microsoft Windows Server 2008: x64, Microsoft Windows XP: SP3, Microsoft Windows Vista: SP2 x64, Microsoft Windows Vista: SP2, Microsoft Windows Server 2008: SP2 x32, Microsoft Windows Server 2008: SP2 x64, Microsoft Windows 7: x64, Microsoft Windows 7: x32, Microsoft Windows Server 2008: R2 x64, Microsoft Windows Server 2008: R2 Itanium, Microsoft Windows Server 2008: SP2 Itanium
Description:

Microsoft Windows Knowledge Base Article 978207 update is not installed on the system, which could allow an attacker to exploit the following vulnerabilities:

Microsoft Internet Explorer could allow a remote attacker to obtain sensitive information, caused by a cross-site scripting filter bypass vulnerability when Internet Explorer disables an HTML attribute in valid response data. By persuading a victim to click on a specially-crafted URL or visit a malicious Web site, an attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site to perform unauthorized actions and obtain sensitive information.

Microsoft Internet Explorer could allow a remote attacker to execute code on the system, caused by a use-after-free error. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to access an invalid pointer associated with a deleted object to execute arbitrary code with the privileges of the victim.

Microsoft Internet Explorer could allow a remote attacker to execute code on the system, caused by improper validation of user-supplied input. By persuading a victim to click on a specially-crafted URL, a remote attacker could exploit this vulnerability to execute a binary from the local client system.

Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by an error when attempting to access a deleted or improperly initialized object. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system with the privileges of the victim.

Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by an error when attempting to access a deleted or uninitialized object. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system with the privileges of the victim.

Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by an error when attempting to access a deleted or uninitialized object. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system with the privileges of the victim.

Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by an error when attempting to access a deleted or uninitialized object. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system with the privileges of the victim.

Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by an error when attempting to access a deleted or uninitialized object. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system with the privileges of the victim.

Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS10-002. See References.

False Positives:
False Negatives:
Required Permission: Windows login
Additional Information:

References:

Microsoft Security Bulletin MS10-002
Cumulative Security Update for Internet Explorer (978207)
http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx

IBM Internet Security Systems X-Force Database
Microsoft Internet Explorer cross-site scripting filter information disclosure
http://xforce.iss.net/xforce/xfdb/54463

IBM Internet Security Systems X-Force Database
Microsoft Internet Explorer freed object code execution
http://xforce.iss.net/xforce/xfdb/55642

IBM Internet Security Systems X-Force Database
Microsoft Internet Explorer URL code execution
http://xforce.iss.net/xforce/xfdb/55773

IBM Internet Security Systems X-Force Database
Microsoft Internet Explorer deleted object code execution
http://xforce.iss.net/xforce/xfdb/55774

IBM Internet Security Systems X-Force Database
Microsoft Internet Explorer initialized memory code execution
http://xforce.iss.net/xforce/xfdb/55775

IBM Internet Security Systems X-Force Database
Microsoft Internet Explorer deleted object code execution
http://xforce.iss.net/xforce/xfdb/55776

IBM Internet Security Systems X-Force Database
Microsoft Internet Explorer uninitialized code execution
http://xforce.iss.net/xforce/xfdb/55777

IBM Internet Security Systems X-Force Database
Microsoft Internet Explorer object memory code execution
http://xforce.iss.net/xforce/xfdb/55778

ISS X-Force
Microsoft Windows Knowledge Base Article 978207 update is not installed
http://www.iss.net/security_center/static/55779.php

CVE CVE-2010-0248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0248

CVE CVE-2010-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0244

CVE CVE-2010-0245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0245

CVE CVE-2010-0246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0246

CVE CVE-2010-0247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0247

CVE CVE-2010-0027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0027

CVE CVE-2010-0249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0249

CVE CVE-2009-4074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4074

