This host is missing a critical security update according to Microsoft Bulletin MS09-019.
Successful exploitation will let the attacker execute arbitrary codes into the context of the affected system, as a result in view, change, or delete data and can cause denial of service to legitimate users. Impact Level: System/Application
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/MS09-019
Multiple flaws are due to, - Scripts may persist across navigations and let a malicious site interact with a site in an arbitrary external domain. - When application fails to properly enforce the same-origin policy. - In the way that Internet Explorer caches data and incorrectly allows the cached content to be called, potentially bypassing Internet Explorer domain restriction. - Error in the way Internet Explorer displays a Web page that contains certain unexpected method calls to HTML objects. - Error in the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted by specially crafted Web page.
Microsoft Internet Explorer version 5.x/6.x/7.x/8.x
CVE CVE-2007-3091, CVE-2009-1140, CVE-2009-1141, CVE-2009-1528, CVE-2009-1529, CVE-2009-1530, CVE-2009-1531, CVE-2009-1532
CVSS Base Score: 9.3
- Cumulative Security Update for Internet Explorer (958215)
- Embedded OpenType Font Engine Remote Code Execution Vulnerability (982132)
- Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability (956844)
- Microsoft .NET Framework Remote Code Execution Vulnerability (2671605)
- Microsoft Active Directory Denial of Service Vulnerability (953235)