Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka โUninitialized Memory Corruption Vulnerability.โ
ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html
marc.info/?l=bugtraq&m=122479227205998&w=2
www.securityfocus.com/archive/1/497380/100/0/threaded
www.securityfocus.com/bid/31617
www.securitytracker.com/id?1021047
www.us-cert.gov/cas/techalerts/TA08-288A.html
www.vupen.com/english/advisories/2008/2809
www.zerodayinitiative.com/advisories/ZDI-08-069/
docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058
exchange.xforce.ibmcloud.com/vulnerabilities/45563
exchange.xforce.ibmcloud.com/vulnerabilities/45565
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151