|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-07-06 | |
| Rule Name: | Internet Explorer - Heap Corruption Vulnerability (CVE-2008-3475) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability." | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | SecurityFocusBID:31617 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058 http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html http://marc.info/?l=bugtraq&m=122479227205998&w=2 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058 |