Intrusion Prevention

MS.IE.HISTORY.GO.Double.Free

Description

This indicates an attack attempt against a double-free vulnerability in Microsoft Internet Explorer.
The vulnerability is caused by an error when the "history.go" method accesses an object that has not been correctly initialized or that has been deleted. It allows a remote attacker to execute arbitrary code.

Affected Products

Microsoft Internet Explorer 7
Microsoft Internet Explorer 6 SP1
Microsoft Internet Explorer 6
Microsoft Internet Explorer 5.01 SP4

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply patch, available from the website:
http://www.microsoft.com/technet/security/Bulletin/MS09-014.mspx

CVE References

CVE-2009-0552