Описание
Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability."
Ссылки
- Third Party Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- Broken Link
- Third Party Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- Broken Link
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.54758
Средний
8.8 High
CVSS3
9.3 Critical
CVSS2
Дефекты
CWE-416
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability."
EPSS
Процентиль: 98%
0.54758
Средний
8.8 High
CVSS3
9.3 Critical
CVSS2
Дефекты
CWE-416