CVE-2008-0077

Description

Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability."

Related CPE's

amicrosoftinternet_explorer6sp1******

omicrosoftwindows_2000*sp4******

amicrosoftinternet_explorer6*******

omicrosoftwindows_xp*sp2******

omicrosoftwindows_xp-sp2x64*****

omicrosoftwindows_xp-goldx64*****

omicrosoftwindows_server_2003********

omicrosoftwindows_2003_server*sp1******

omicrosoftwindows_2003_server*sp1itanium*****

omicrosoftwindows_server_2003*sp2******

References

TA08-043C

US Government Resource

27666

1019380

28903

Vendor Advisory

20080212 Microsoft Internet Explorer Property Memory Corruption Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-08-006.html

VU#228569

US Government Resource

HPSBST02314

ADV-2008-0512

Vendor Advisory

oval:org.mitre.oval:def:5396

MS08-010

20080213 ZDI-08-006: Microsoft Internet Explorer SVG animateMotion.by Code Execution Vulnerability

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:C/I:C/A:C

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

COMPLETE

IntegrityImpact

COMPLETE

AvailabilityImpact

COMPLETE

BaseScore

9.300000190734863

Created by Yello
About Severity.io