CVE-2008-0077

Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability."

Published: Feb 13, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-0077
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-416
CWE-399

Affected Software
References

Software	From	Fixed in
microsoft / internet_explorer	6-sp1	6-sp1.x
microsoft / internet_explorer	6	6.x
microsoft / internet_explorer	7	7.x

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=661
http://marc.info/?l=bugtraq&m=120361015026386&w=2
http://secunia.com/advisories/28903
http://www.kb.cert.org/vuls/id/228569
http://www.securityfocus.com/archive/1/488048/100/0/threaded
http://www.securityfocus.com/bid/27666
http://www.securitytracker.com/id?1019380
http://www.us-cert.gov/cas/techalerts/TA08-043C.html
http://www.vupen.com/english/advisories/2008/0512/references
http://www.zerodayinitiative.com/advisories/ZDI-08-006.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5396

Vulnerability Database

CVE-2008-0077

Deep Security Visibility Without the Complexity