CVE-2008-3475 - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

CVE CVE-2008-3475
Status Candidate
Description Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability."
Severity High
CVSS score 9,3
CVSS vector (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Phase Assigned (26.01.2012)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3475
References BID : 31617
BUGTRAQ : 20081015 Internet Explorer 6 componentFromPoint() remote memory disclosure and remote code execution
CERT : TA08-288A
HP : HPSBST02379
HP : SSRT080143
MISC : http://ifsec.blogspot.com/2008/10/internet-explore...
MISC : http://www.zerodayinitiative.com/advisories/ZDI-08...
MS : MS08-058
SECTRACK : 1021047
VUPEN : ADV-2008-2809
XF : ie-uninitialized-objects-code-execution(45563)
XF : win-ms08kb956390-update(45565)
SecurityVulns: Microsoft Internet Explorer multiple security vulnerabilities

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server