CVE-2008-3475

Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability."

Published: Oct 15, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-3475
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-908
CWE-399

Affected Software
References

Software	From	Fixed in
microsoft / internet_explorer	5.01-sp4	5.01-sp4.x
microsoft / internet_explorer	6	6.x
microsoft / internet_explorer	6-sp1	6-sp1.x
microsoft / internet_explorer	7.0	7.0.x

http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html
http://marc.info/?l=bugtraq&m=122479227205998&w=2
http://www.securityfocus.com/archive/1/497380/100/0/threaded
http://www.securityfocus.com/bid/31617
http://www.securitytracker.com/id?1021047
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
http://www.vupen.com/english/advisories/2008/2809
http://www.zerodayinitiative.com/advisories/ZDI-08-069/
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058
https://exchange.xforce.ibmcloud.com/vulnerabilities/45563
https://exchange.xforce.ibmcloud.com/vulnerabilities/45565
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151

Vulnerability Database

CVE-2008-3475