Intrusion Prevention



This indicates a possible exploit of the "DHTML Object Memory Corruption Vulnerability" in Microsoft Internet Explorer.
An object memory corruption vulnerability is reported in the Microsoft Internet explorer DHTML object model that may allow an attacker to execute arbitrary code on an affected system. There is a race condition in the DHTML object model that may allow one process thread to use or corrupt memory of another process thread. By exploiting this, an attacker may execute arbitrary code on an affected system by planting a malicious web page and persuading a victim to visit it. An attacker may send a malicious web page link to a victim as HTML email or a url link. Arbitrary code can then be executed on the victim's machine in the security context of currently logged in user.

Affected Products

Microsoft Internet Explorer 5.01, 5.5 and 6.x.


System compromise.

Recommended Actions

Apply the security patch to the system as given in the Microsoft Security Bulletin MS05-020.

CVE References