A memory corruption flaw exists in Internet Explorer. The program fails to validate CSS styles resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

• CVE ID: 2009-0076 (see also: NVD)
• Bugtraq ID: 33628
• Secunia Advisory ID: 33845
• SCIP VulDB ID: 3918
• Related OSVDB ID: 51839
• OVAL ID: 6081
• Microsoft Knowledge Base Article: 961260
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2009-02/0085.html
• News Article: http://www.eweek.com/c/a/Security/Microsoft-Fixes-Critical-Bugs-in-Microsoft-Exchange-Internet-Explorer-for-Patch-Tuesday/
• Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-09-012
• Microsoft Security Bulletin: MS09-002
• CERT: TA09-041A

• Sam Thomas - Zero Day Initiative (ZDI)