9.3

CVE-2008-3475

Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftInternet Explorer Version5.01 Updatesp4
   MicrosoftWindows 2000 Version- Updatesp4
MicrosoftInternet Explorer Version6 Updatesp1
   MicrosoftWindows 2000 Version- Updatesp4
MicrosoftInternet Explorer Version6 Update-
   MicrosoftWindows Server 2003 Version- HwPlatformx64
   MicrosoftWindows Server 2003 Version- Updatesp1
   MicrosoftWindows Server 2003 Version- Updatesp1 SwEdition- HwPlatformitanium
   MicrosoftWindows Server 2003 Version- Updatesp2
   MicrosoftWindows Server 2003 Version- Updatesp2 HwPlatformitanium
   MicrosoftWindows Server 2003 Version- Updatesp2 HwPlatformx64
   MicrosoftWindows Xp Version- SwEditionprofessional HwPlatformx64
   MicrosoftWindows Xp Version- Updatesp2
   MicrosoftWindows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
   MicrosoftWindows Xp Version- Updatesp3
MicrosoftInternet Explorer Version7.0
   MicrosoftWindows Server 2003 Version- HwPlatformx64
   MicrosoftWindows Server 2003 Version- Updatesp1
   MicrosoftWindows Server 2003 Version- Updatesp1 SwEdition- HwPlatformitanium
   MicrosoftWindows Server 2003 Version- Updatesp2
   MicrosoftWindows Server 2003 Version- Updatesp2 HwPlatformitanium
   MicrosoftWindows Server 2003 Version- Updatesp2 HwPlatformx64
   MicrosoftWindows Server 2008 Version-
   MicrosoftWindows Vista Version-
   MicrosoftWindows Vista Version- Updatesp1
   MicrosoftWindows Xp Version- SwEditionprofessional HwPlatformx64
   MicrosoftWindows Xp Version- Updatesp2
   MicrosoftWindows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
   MicrosoftWindows Xp Version- Updatesp3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 39.86% 0.984
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

http://marc.info/?l=bugtraq&m=122479227205998&w=2
Mailing List
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
Third Party Advisory
US Government Resource
Broken Link
http://www.vupen.com/english/advisories/2008/2809
Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45565
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1021047
Third Party Advisory
Broken Link
VDB Entry
http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html
Third Party Advisory
Issue Tracking
http://www.securityfocus.com/archive/1/497380/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/31617
Patch
Third Party Advisory
Broken Link
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-08-069/
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/45563
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151
Broken Link