CVE-2008-0077

HIGH

Microsoft Internet Explorer - Use After Free

Title source: rule

Description

Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability."

References (12)

[Broken Link] http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=661

[Mailing List] http://marc.info/?l=bugtraq&m=120361015026386&w=2

[Broken Link, Vendor Advisory] http://secunia.com/advisories/28903

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/228569

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/488048/100/0/threaded

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/27666

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019380

[Broken Link, Third Party Advisory, US Government Resource] http://www.us-cert.gov/cas/techalerts/TA08-043C.html

[Broken Link, Vendor Advisory] http://www.vupen.com/english/advisories/2008/0512/references

[Third Party Advisory, VDB Entry] http://www.zerodayinitiative.com/advisories/ZDI-08-006.html

[Patch, Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010

[Broken Link] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5396

Scores

CVSS v3 8.8

EPSS 0.6227

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-416

Status draft

Affected Products (3)

microsoft/internet_explorer

microsoft/internet_explorer

microsoft/internet_explorer

Timeline

Published Feb 12, 2008

Tracked Since Feb 18, 2026