Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to conduct spoofing or cross-site scripting attacks and compromise a user's system.

1) It is possible for a website to modify the location of another frame in another window by setting the location to an object instead of a string. This can be exploited to load malicious content into a frame of a trusted website.

2) An error in handling of certain HTML elements may cause Internet Explorer to incorrectly interpret the origin of a script. This can be exploited to run script code in the context of another domain or security zone.

3) An error in handling of certain events may cause Internet Explorer to incorrectly interpret the origin of a script. This can be exploited to run script code in the context of another domain or security zone.

4) An unspecified error may cause Internet Explorer to incorrectly interpret the origin of a script. This can be exploited to run script code in the context of another domain.

5) An error in the handling of the "componentFromPoint()" method can be exploited to disclose or corrupt memory via a specially crafted web page.

6) An unspecified error may cause Internet Explorer to access uninitialised memory via a specially crafted web page.

Solution
Apply patches.
Further details available in Customer Area

Provided and/or discovered by
1) sirdarckcat
2) The vendor credits David Bloom.
3) The vendor credits Gregory Rubin.
4) The vendor credits Lee Dagon, Composica.
5) Ivan Fratric via Zero Day Initiative.
6) The vendor credits Thierry Zoller, n.runs.

Changelog
Further details available in Customer Area

Original Advisory
http://sirdarckcat.blogspot.com/2008/05/ghosts-for-ie8-and-ie75730.html
http://sirdarckcat.blogspot.com/2008/05/browsers-ghost-busters.html

MS08-058 (KB956390):
http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-069/

Ivan Fratric:
http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area