9.3
CVE-2008-3475
- EPSS 39.86%
- Veröffentlicht 15.10.2008 00:12:15
- Zuletzt bearbeitet 16.06.2026 22:55:53
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Internet Explorer Version5.01 Updatesp4
Microsoft ≫ Internet Explorer Version6 Updatesp1
Microsoft ≫ Internet Explorer Version6 Update-
Microsoft ≫ Windows Server 2003 Version- HwPlatformx64
Microsoft ≫ Windows Server 2003 Version- Updatesp1
Microsoft ≫ Windows Server 2003 Version- Updatesp1 SwEdition- HwPlatformitanium
Microsoft ≫ Windows Server 2003 Version- Updatesp2
Microsoft ≫ Windows Server 2003 Version- Updatesp2 HwPlatformitanium
Microsoft ≫ Windows Server 2003 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Xp Version- SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp2
Microsoft ≫ Windows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp3
Microsoft ≫ Windows Server 2003 Version- Updatesp1
Microsoft ≫ Windows Server 2003 Version- Updatesp1 SwEdition- HwPlatformitanium
Microsoft ≫ Windows Server 2003 Version- Updatesp2
Microsoft ≫ Windows Server 2003 Version- Updatesp2 HwPlatformitanium
Microsoft ≫ Windows Server 2003 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Xp Version- SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp2
Microsoft ≫ Windows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp3
Microsoft ≫ Internet Explorer Version7.0
Microsoft ≫ Windows Server 2003 Version- HwPlatformx64
Microsoft ≫ Windows Server 2003 Version- Updatesp1
Microsoft ≫ Windows Server 2003 Version- Updatesp1 SwEdition- HwPlatformitanium
Microsoft ≫ Windows Server 2003 Version- Updatesp2
Microsoft ≫ Windows Server 2003 Version- Updatesp2 HwPlatformitanium
Microsoft ≫ Windows Server 2003 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Server 2008 Version-
Microsoft ≫ Windows Vista Version-
Microsoft ≫ Windows Vista Version- Updatesp1
Microsoft ≫ Windows Xp Version- SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp2
Microsoft ≫ Windows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp3
Microsoft ≫ Windows Server 2003 Version- Updatesp1
Microsoft ≫ Windows Server 2003 Version- Updatesp1 SwEdition- HwPlatformitanium
Microsoft ≫ Windows Server 2003 Version- Updatesp2
Microsoft ≫ Windows Server 2003 Version- Updatesp2 HwPlatformitanium
Microsoft ≫ Windows Server 2003 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Server 2008 Version-
Microsoft ≫ Windows Vista Version-
Microsoft ≫ Windows Vista Version- Updatesp1
Microsoft ≫ Windows Xp Version- SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp2
Microsoft ≫ Windows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 39.86% | 0.984 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-908 Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.
http://marc.info/?l=bugtraq&m=122479227205998&w=2
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
http://www.vupen.com/english/advisories/2008/2809
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058
https://exchange.xforce.ibmcloud.com/vulnerabilities/45565
http://www.securitytracker.com/id?1021047
http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html
http://www.securityfocus.com/archive/1/497380/100/0/threaded
http://www.securityfocus.com/bid/31617
http://www.zerodayinitiative.com/advisories/ZDI-08-069/
https://exchange.xforce.ibmcloud.com/vulnerabilities/45563
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151