9.3

CVE-2008-2257

Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order," aka "HTML Objects Memory Corruption Vulnerability" or "XHTML Rendering Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2258.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftInternet Explorer Version5.01
MicrosoftInternet Explorer Version6 Updatesp1
MicrosoftInternet Explorer Version6 Updatesp2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 35.22% 0.982
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://marc.info/?l=bugtraq&m=121915960406986&w=2
http://www.us-cert.gov/cas/techalerts/TA08-225A.html
US Government Resource
http://secunia.com/advisories/31375
Patch
Vendor Advisory
http://www.securitytracker.com/id?1020674
http://www.vupen.com/english/advisories/2008/2349
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-045
http://www.securityfocus.com/archive/1/495430/100/0/threaded
http://www.securityfocus.com/bid/30613
http://www.zerodayinitiative.com/advisories/ZDI-08-050/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5266