Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2258

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-2258
Last Modified 03 Oct 2011 12:00:00
Published 13 Aug 2008 08:42:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2258

Summary

Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order" with "particular functions ... performed on" document objects, aka "HTML Objects Memory Corruption Vulnerability" or "Table Layout Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2257.

Vulnerable Systems

Application

  • Microsoft Ie 5.01

  • Microsoft Ie 6

  • Microsoft Ie 7

  • Microsoft Internet Explorer 6


References

CERT - TA08-225A

MS - MS08-045

SECUNIA - 31375

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-051/

VUPEN - ADV-2008-2349

SECTRACK - 1020674

BID - 30610

BUGTRAQ - 20080812 ZDI-08-051: Microsoft Internet Explorer Table Layout Memory Corruption Vulnerability

HP - HPSBST02360

HP - SSRT080117


Last Updated: 27 May 2016 10:47:28