Added: 12/12/2008
CVE: CVE-2008-4844
BID: 32721
OSVDB: 50622
Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.
A data binding error allows command execution when a user loads specially crafted XML code containing nested SPAN tags, resulting in accessing of memory space of a deleted object.
Apply one of the workarounds suggested in Microsoft Security Advisory 961051.
<http://www.kb.cert.org/vuls/id/493881>
Exploit works on Internet Explorer 7 and requires a user to load the exploit page.
The reliability of this exploit may depend upon the system’s memory state.
Windows