Описание
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
Ссылки
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- PatchVendor Advisory
- Tool Signature
- Broken LinkThird Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- PatchVendor Advisory
- Tool Signature
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.58392
Средний
9.3 Critical
CVSS2
Дефекты
CWE-908
Связанные уязвимости
github
больше 3 лет назад
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
EPSS
Процентиль: 98%
0.58392
Средний
9.3 Critical
CVSS2
Дефекты
CWE-908