1. Summary

The vulnerability was found that is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.

2. Affected Software

Internet Explorer 6, 7, 8 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2

3. Solution

Currently, the security update for this vulnerability has not been released, thus please do not visit the untrusted websites.

By setting JavaScript to be disabled, user can encounter against the vulnerability temporarily untill security update release.

** In case of setting JavaScript to be disabled, sites may not be worked properly.

Internet Explorer>Tools>Internet Options>Security>Internet>Custom level>Set disable for "Active Scripting"

4. Link

http://www.microsoft.com/technet/security/advisory/979352.mspx
http://blogs.technet.com/msrc/archive/2010/01/14/security-advisory-979352.aspx