|MS09-019||Cumulative Security Update for Internet Explorer (969897)||Internet Explorer||Critical||10-06-2009|
Brief overview of the risk:
This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Detailed Information on the risk:
An information disclosure vulnerability exists in the way that Internet Explorer caches data and incorrectly allows the cached content to be called, potentially bypassing Internet Explorer domain restriction. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could view content from the local computer or another browser window in another domain or Internet Explorer zone.
Further information on this exploit is available at : MS09-019
Affected SoftwareInternet Explorer 5.01 and Internet Explorer 6 Service Pack 1
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8