CVE Vulnerability

CVE-2008-3475

Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability."

9.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.securitytracker.com/id?1021047
http://www.securityfocus.com/bid/31617 Patch
http://www.us-cert.gov/cas/techalerts/TA08-288A.html US Government Resource
http://marc.info/?l=bugtraq&m=122479227205998&w=2
http://www.zerodayinitiative.com/advisories/ZDI-08-069/
http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html
http://www.vupen.com/english/advisories/2008/2809
https://exchange.xforce.ibmcloud.com/vulnerabilities/45565
https://exchange.xforce.ibmcloud.com/vulnerabilities/45563
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151
http://www.securityfocus.com/archive/1/497380/100/0/threaded
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058
Configurations

Configuration 1
Information

Published : 2008-10-15 12:12

Updated : 2019-02-26 02:04

NVD link : CVE-2008-3475

Mitre link : CVE-2008-3475

Products Affected
No products.
CWE
CWE-908