It is believed that while Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are affected.
It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.
For Trend Micro clients using OfficeScan with Intrusion Defense Firewall (IDF) please refer to filter identifier(s) specific to this advisory's vulnerability identifiers. For patch information and suggested workarounds, users are advised to refer to this Microsoft webpage: http://www.microsoft.com/technet/security/Bulletin/MS10-002.mspx