Secunia

Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information or compromise a user's system.

1) The application incorrectly interprets the origin of scripts, which can be exploited to gain access to a browser windows in another domain or Internet Explorer zone.

Successful exploitation requires certain user interaction with the browser window.

2) A use-after-free error in the "OnPropertyChange_Src()" function can be exploited to corrupt memory.

3) A use-after-free error when processing the "boundElements" property can be exploited to corrupt memory.

This vulnerability affects Internet Explorer 6 only.

4) A race condition error when processing "CIframeElement" objects can be exploited to corrupt memory.

5) A use-after-free error in the handling of table elements can be exploited to corrupt memory.

6) Another error when attempting to access uninitialised or deleted objects can be exploited to corrupt memory.

This vulnerability affects Internet Explorer 8 only.

Vulnerabilities #2 through #6 may allow execution of arbitrary code e.g. when a user views a specially crafted web page.

Solution
Apply patches.
Further details available in Customer Area

Provided and/or discovered by
The vendor credits:
1) David Bloom, Google.
2-5) Nicolas Joly, Vupen
6) Gambino ZaDarkSide

Changelog
Further details available in Customer Area

Original Advisory
MS10-053 (KB2183461):
http://www.microsoft.com/technet/security/Bulletin/MS10-053.mspx

Vupen:
http://archives.neohapsis.com/archives/bugtraq/2010-08/0126.html
http://archives.neohapsis.com/archives/bugtraq/2010-08/0127.html
http://archives.neohapsis.com/archives/bugtraq/2010-08/0128.html
http://archives.neohapsis.com/archives/bugtraq/2010-08/0129.html

Deep Links
Links available in Customer Area