| Summary: | This critical security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerability with the most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The security update is rated moderate for Internet Explorer 6 and 7 on Windows Server 2003. For all other supported releases of Internet Explorer, this security update is rated critical. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses three vulnerabilities by not allowing the browser window content to persist after navigation has occurred. The update addresses the fourth vulnerability by modifying the script error exception handling so that no attempt is made to access the freed memory. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information. |
