CVE-2008-0077

HIGH

Microsoft Internet Explorer 6 SP1, 6 SP2, and 7 - Use-After-Free via SVG animateMotion Element

Title source: llm
STIX 2.1

Description

Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability."

References (12)

Core 12
Core References
Broken Link, Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/488048/100/0/threaded
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=120361015026386&w=2
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27666
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/228569
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-08-006.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019380
Broken Link, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-043C.html
Broken Link third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=661
Broken Link, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0512/references
Patch, Vendor Advisory vendor-advisory x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28903

Scores

CVSS v3 8.8
EPSS 0.3719
EPSS Percentile 98.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (2)
microsoft/internet_explorer 6 sp1 (2 CPE variants)
microsoft/internet_explorer 7
Published Feb 12, 2008
Tracked Since Feb 18, 2026