9.3
CVE-2008-3475
- EPSS 59.2%
- Published 15.10.2008 00:12:15
- Last modified 09.04.2025 00:30:58
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability."
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Internet Explorer Version5.01 Updatesp4
Microsoft ≫ Internet Explorer Version6 Updatesp1
Microsoft ≫ Internet Explorer Version6 Update-
Microsoft ≫ Windows Server 2003 Version- HwPlatformx64
Microsoft ≫ Windows Server 2003 Version- Updatesp1
Microsoft ≫ Windows Server 2003 Version- Updatesp1 SwEdition- HwPlatformitanium
Microsoft ≫ Windows Server 2003 Version- Updatesp2
Microsoft ≫ Windows Server 2003 Version- Updatesp2 HwPlatformitanium
Microsoft ≫ Windows Server 2003 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Xp Version- SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp2
Microsoft ≫ Windows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp3
Microsoft ≫ Windows Server 2003 Version- Updatesp1
Microsoft ≫ Windows Server 2003 Version- Updatesp1 SwEdition- HwPlatformitanium
Microsoft ≫ Windows Server 2003 Version- Updatesp2
Microsoft ≫ Windows Server 2003 Version- Updatesp2 HwPlatformitanium
Microsoft ≫ Windows Server 2003 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Xp Version- SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp2
Microsoft ≫ Windows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp3
Microsoft ≫ Internet Explorer Version7.0
Microsoft ≫ Windows Server 2003 Version- HwPlatformx64
Microsoft ≫ Windows Server 2003 Version- Updatesp1
Microsoft ≫ Windows Server 2003 Version- Updatesp1 SwEdition- HwPlatformitanium
Microsoft ≫ Windows Server 2003 Version- Updatesp2
Microsoft ≫ Windows Server 2003 Version- Updatesp2 HwPlatformitanium
Microsoft ≫ Windows Server 2003 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Server 2008 Version-
Microsoft ≫ Windows Vista Version-
Microsoft ≫ Windows Vista Version- Updatesp1
Microsoft ≫ Windows Xp Version- SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp2
Microsoft ≫ Windows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp3
Microsoft ≫ Windows Server 2003 Version- Updatesp1
Microsoft ≫ Windows Server 2003 Version- Updatesp1 SwEdition- HwPlatformitanium
Microsoft ≫ Windows Server 2003 Version- Updatesp2
Microsoft ≫ Windows Server 2003 Version- Updatesp2 HwPlatformitanium
Microsoft ≫ Windows Server 2003 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Server 2008 Version-
Microsoft ≫ Windows Vista Version-
Microsoft ≫ Windows Vista Version- Updatesp1
Microsoft ≫ Windows Xp Version- SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp2
Microsoft ≫ Windows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
Microsoft ≫ Windows Xp Version- Updatesp3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 59.2% | 0.982 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-908 Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.