A memory corruption flaw exists in Microsoft Internet Explorer versions 5.01, 6, 6 SP1, 8. The service fails to sanitize user-supplied input handling certain HTML objects resulting in memory corruption. With a specially crafted web page, a remote attacker can execute arbitrary code.

Microsoft has released a patch to address this vulnerability. Additionally, it is possible to temporarily work around the flaw by implementing the following workaround: Enable or disable ActiveX Controls in Office 2007, set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones, configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone, and do not open unexpected files.

• Security Tracker: 1023773
• Related OSVDB ID: 63327 63328 63329 63330 63332 63333 63334 63335
• CVE ID: 2010-0491 (see also: NVD)
• Bugtraq ID: 39027
• Microsoft Knowledge Base Article: 980182
• VUPEN Advisory: ADV-2010-0744 VUPEN/ADV-2010-0744
• News Article: http://blogs.technet.com/msrc/archive/2010/03/29/internet-explorer-cumulative-update-releasing-out-of-band.aspx
  http://news.cnet.com/8301-27080_3-20001428-245.html
  http://www.avertlabs.com/research/blog/index.php/2010/03/30/microsoft-releases-out-of-cycle-bulletin-ms10-018/
  http://www.darkreading.com/securityservices/security/app-security/showArticle.jhtml?articleID=224200808
  http://www.theregister.co.uk/2010/03/29/ie_emergency_fix/
• Other Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=864
• Mail List Post: http://seclists.org/bugtraq/2010/Mar/253
• Vendor Specific Solution URL: http://support.microsoft.com/default.aspx?scid=kb;EN-US;980182
• Vendor Specific Advisory URL: http://www.microsoft.com/technet/security/advisory/981374.mspx
• Microsoft Security Bulletin: MS10-018

• wushi - iDefense Labs VCP