9.3
CVE-2008-3475
- EPSS 59.2%
- Veröffentlicht 15.10.2008 00:12:15
- Zuletzt bearbeitet 09.04.2025 00:30:58
- Quelle secure@microsoft.com
- Teams Watchlist Login
- Unerledigt Login
Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Internet Explorer Version5.01 Updatesp4
Microsoft ≫ Internet Explorer Version6 Updatesp1
Microsoft ≫ Internet Explorer Version6 Update-
Microsoft ≫ Windows Server 2003 Version- HwPlatformx64
Microsoft ≫ Windows Server 2003 Version- Updatesp1
Microsoft ≫ Windows Server 2003 Version- Updatesp1 SwEdition- HwPlatformitanium
Microsoft ≫ Windows Server 2003 Version- Updatesp2
Microsoft ≫ Windows Server 2003 Version- Updatesp2 HwPlatformitanium
Microsoft ≫ Windows Server 2003 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Xp Version- SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp2
Microsoft ≫ Windows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp3
Microsoft ≫ Windows Server 2003 Version- Updatesp1
Microsoft ≫ Windows Server 2003 Version- Updatesp1 SwEdition- HwPlatformitanium
Microsoft ≫ Windows Server 2003 Version- Updatesp2
Microsoft ≫ Windows Server 2003 Version- Updatesp2 HwPlatformitanium
Microsoft ≫ Windows Server 2003 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Xp Version- SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp2
Microsoft ≫ Windows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp3
Microsoft ≫ Internet Explorer Version7.0
Microsoft ≫ Windows Server 2003 Version- HwPlatformx64
Microsoft ≫ Windows Server 2003 Version- Updatesp1
Microsoft ≫ Windows Server 2003 Version- Updatesp1 SwEdition- HwPlatformitanium
Microsoft ≫ Windows Server 2003 Version- Updatesp2
Microsoft ≫ Windows Server 2003 Version- Updatesp2 HwPlatformitanium
Microsoft ≫ Windows Server 2003 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Server 2008 Version-
Microsoft ≫ Windows Vista Version-
Microsoft ≫ Windows Vista Version- Updatesp1
Microsoft ≫ Windows Xp Version- SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp2
Microsoft ≫ Windows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp3
Microsoft ≫ Windows Server 2003 Version- Updatesp1
Microsoft ≫ Windows Server 2003 Version- Updatesp1 SwEdition- HwPlatformitanium
Microsoft ≫ Windows Server 2003 Version- Updatesp2
Microsoft ≫ Windows Server 2003 Version- Updatesp2 HwPlatformitanium
Microsoft ≫ Windows Server 2003 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Server 2008 Version-
Microsoft ≫ Windows Vista Version-
Microsoft ≫ Windows Vista Version- Updatesp1
Microsoft ≫ Windows Xp Version- SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp2
Microsoft ≫ Windows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 59.2% | 0.982 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-908 Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.