Effects 

MS09-019 is not categorized as virus, worm, Trojan or backdoor. It is a group of critical vulnerabilities in Internet Explorer on Windows 2008/Vista/2003/XP/2000 computers, which allows arbitrary code to be remotely executed. Affected versions of Internet Explorer are 5.01, 6 SP1, 6, 7 and 8.

The addressed vulnerabilities are:

• Race Condition Cross-Domain Information Disclosure vulnerability: an information disclosure vulnerability that occurs because script can create a race condition that could break the same-origin policy of Internet Explorer and read content from different domains.
• Cross-Domain Information Disclosure vulnerability: an information disclosure vulnerability that occurs because Internet Explorer caches data and incorrectly allows the cached content to be rendered as HTML, potentially bypassing Internet Explorer domain restriction.
  
  If exploited successfully, it could allow an attacking user to view content from the local computer or browser window in another domain or Internet Explorer zone.
• DHTML Object Memory Corruption vulnerability: this remote code execution vulnerability occurs when Internet Explorer displays a web page that contains unexpected method calls to HTML objects.
  
  If exploited successfully, MS09-019 allows hackers to gain remote control of the affected computer with the same privileges as the logged on user.
• HTML Object Memory Corruption vulnerability and Uninitialized Memory Corruption vulnerability: these remote code execution vulnerabilities occur due to the way Internet Explorer accesses an object which has been deleted or has not been correctly initialized.
  
  If exploited successfully, MS09-019 allows hackers to gain remote control of the affected computer with the same privileges as the logged on user.

All these vulnerabilities are usually exploited by creating a specially crafted web page and enticing users to access it. The link to the website can be distributed using several methods, such as email, instant messaging programs, etc.

If you have any of the vulnerable versions of Internet Explorer, it is recommended to download and apply the security patch for this vulnerability. Click here to access the web page for downloading the patch. However, provided that this is a cumulative patch, make sure that you download the latest security patch available.