Microsoft Internet Explorer Multiple Vulnerabilities (2360131)

This host is missing a critical security update according to Microsoft Bulletin MS10-071.

- The browser allowing for automated, scripted instructions to simulate user actions on the AutoComplete feature, which could allow attackers to capture information previously entered into fields after the AutoComplete feature has been enabled. - An error in the way the toStaticHTML API sanitizes HTML, which could allow cross-site scripting attacks. - An error when processing CSS special characters, which could allow attackers to view content from another domain or Internet Explorer zone. - An uninitialized memory corruption error when processing malformed data, which could allow attackers to execute arbitrary code via a malicious web page. - The Anchor element not being removed from the editable HTML element during specific user operations, potentially revealing personally identifiable information intended for deletion. - The browser allowing scripts to access and read content from different domains, which could allow cross-domain scripting attacks.

Microsoft Internet Explorer version 6.x/7.x/8.x

The vendor has released updates. Please see the references for more information.