|MS11-003||Cumulative Security Update for Internet Explorer (2482017)||Internet Explorer||Critical||09-02-2011|
Brief overview of the risk:
This security update resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user opens a legitimate HTML file that loads a specially crafted library file.
Detailed Information on the risk:
A remote code execution vulnerability exists in the way that Internet Explorer accesses memory while importing a Cascading Style Sheet that refers to itself recursively. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
Further information on this exploit is available at : MS11-003
Affected SoftwareInternet Explorer 6
Internet Explorer 7
Internet Explorer 8