Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Internet Explorer memory corruption
Published:18.12.2008
Source:
SecurityVulns ID:9526
Type:client
Threat Level:
10/10
Description:Memory corruption leads to code execution. Vulnerability is used in-the-wild for hidden malware installation.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2008-4844 (Use-after-free vulnerability in mshtml.dll in Microsoft Internet Explorer 5.01, 6, and 7 on Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a crafted XML document containing nested SPAN elements, as exploited in the wild in December 2008.)
Original documentdocumentCERT, US-CERT Technical Cyber Security Alert TA08-352A -- Microsoft Internet Explorer Data Binding Vulnerability (18.12.2008)
 documentMICROSOFT, Microsoft Security Bulletin MS08-078 - Critical Security Update for Internet Explorer (960714) (18.12.2008)
Files:Microsoft Security Bulletin MS08-078 - Critical Security Update for Internet Explorer (960714)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod