Added: 01/20/2010
CVE: CVE-2010-0249
BID: 37815
OSVDB: 61697
Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.
A vulnerability in the Eventparam function can cause Internet Explorer’s HTML engine to access memory that has already been freed, allowing command execution when a user loads a specially crafted page.
See Microsoft Security Advisory 979352 for fix information.
<http://www.kb.cert.org/vuls/id/492515>
Exploit works on Windows XP and requires a user to load the exploit page in Internet Explorer 6.
Windows XP