A remote code execution vulnerability exists in Internet Explorer due to accesses to uninitialized memory in certain cases of DTML constructs. As 
a result, memory may be corrupted in such a way that an attacker could execute arbitrary code in the context of the logged-on user.

An attacker could exploit the vulnerability by constructing a specially prepared Website, when a user views the Web page, the vulnerability 
could allow remote code execution. An attacker who successfully  exploited this vulnerability could gain the same user rights as the 
logged-on user.