<em style='font-weight:bold;'>(Description Provided by <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1528" target="_blank">CVE</a>)</em> : Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows allows remote attackers to execute arbitrary code via a large number of concurrent, asynchronous XMLHttpRequest calls, aka &quot;HTML Object Memory Corruption Vulnerability.&quot;

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Unknown or Incomplete

• CVE ID: 2009-1528 (see also: NVD)
• Bugtraq ID: 35222
• Secunia Advisory ID: 35362
• SCIP VulDB ID: 3983
• Related OSVDB ID: 54944 54945 54946 54948 54949 54950 54951
• Microsoft Knowledge Base Article: 969897
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2009-06/0113.html
• News Article: http://www.computerworld.com/s/article/340124/Microsoft_Issues_Record_31_Patches_for_Bugs_in_Windows_IE_Office_Apps?taxonomyName=security
• Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-09-037
• Microsoft Security Bulletin: MS09-019

Unknown or Incomplete