Internet Explorer CSS Import Rule Processing Use-After-Free Vulnerability

Posted on Monday, December 20, 2010 @ 20:40:25 CST in Security
by Raven

SECUNIA ADVISORY ID: SA42510

VERIFY ADVISORY: Secunia.com: http://secunia.com/advisories/42510/

CRITICALITY: Highly Critical

RELEASE DATE: 2010-12-21

DESCRIPTION: A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a use-after-free error when processing Cascading Style Sheets (CSS) and can be exploited to dereference freed memory, for example via a specially crafted CSS file containing multiple import rules. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in Internet Explorer 7 and 8 on a fully patched Windows XP SP3 system.

SOLUTION: Do not browse untrusted websites.

PROVIDED AND/OR DISCOVERED BY: sec yun

ORIGINAL ADVISORY: http://www.wooyun.org/bugs/wooyun-2010-0885
 
 