Risk: High
Three vulnerabilities have been reported in Internet Explorer, which can be exploited to conduct cross-site scripting attacks or compromise a user's system.
A remote code execution vulnerability exists in Internet Explorer because of the way that it handles JPEG images. An attacker could exploit the vulnerability by constructing a malicious JPEG image that could potentially allow remote code execution if a user visited a malicious web site or viewed a malicious e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
A cross-domain vulnerability exists in Internet Explorer that could allow information disclosure or remote code execution on an affected system. An attacker could exploit the vulnerability by constructing a malicious web page. The malicious web page could potentially allow remote code execution if it is viewed by a user. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, significant user interaction and social engineering is required to exploit this vulnerability. A remote code execution vulnerability exists in the way Internet Explorer instantiates COM Objects that are not intended to be used in Internet Explorer. An attacker could exploit the vulnerability by constructing a malicious web page that could potentially allow remote code execution if a user visited the malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.