Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0077

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-0077
Last Modified 13 Apr 2011 12:00:00
Published 12 Feb 2008 06:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0077

Summary

Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability."

Vulnerable Systems

Application

  • Microsoft Ie 6

  • Microsoft Ie 7


References

CERT - TA08-043C

CERT-VN - VU#228569

MS - MS08-010

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-006.html

VUPEN - ADV-2008-0512

SECTRACK - 1019380

BID - 27666

BUGTRAQ - 20080213 ZDI-08-006: Microsoft Internet Explorer SVG animateMotion.by Code Execution Vulnerability

SECUNIA - 28903

HP - SSRT080016

IDEFENSE - 20080212 Microsoft Internet Explorer Property Memory Corruption Vulnerability

HP - HPSBST02314


Last Updated: 27 May 2016 10:47:27