Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1086

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-1086
Last Modified 07 Mar 2011 10:05:55
Published 08 Apr 2008 07:05:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1086

Summary

The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.

Vulnerable Systems

Operating System

  • Microsoft Windows 2003 Server

  • Microsoft Windows Vista

  • Microsoft Windows Xp

  • Microsoft Windows-nt 2008

  • Microsoft Windows-nt Vista

Application

  • Microsoft Ie 5.01

  • Microsoft Ie 6


References

CERT - TA08-099A

BID - 28606

XF - ie-hxvz-code-execution(41464)

VUPEN - ADV-2008-1147

SECTRACK - 1019800

MS - MS08-023

SECUNIA - 29714

HP - HPSBST02329

IDEFENSE - 20080408 Microsoft HxTocCtrl ActiveX Control Invalid Param Heap Corruption Vulnerability

HP - SSRT080048


Last Updated: 27 May 2016 10:47:28