Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3476

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-3476
Last Modified 26 Jan 2012 10:29:42
Published 14 Oct 2008 08:12:15
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3476

Summary

Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Objects Memory Corruption Vulnerability."

Vulnerable Systems

Application

  • Microsoft Internet Explorer 5.01

  • Microsoft Internet Explorer 6

  • Microsoft Internet Explorer 7


References

CERT - TA08-288A

BID - 31618

MS - MS08-058

XF - win-ms08kb956390-update(45565)

XF - ie-unit-memory-code-execution(45564)

VUPEN - ADV-2008-2809

SECTRACK - 1021047

HP - SSRT080143

HP - HPSBST02379

Related Patches

MS08-058 Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB956390)

MS08-058 Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB956390)


Last Updated: 27 May 2016 10:49:56