CVE-2008-3475

HIGH

Microsoft Internet Explorer 6 - Uninitialized Memory Corruption

Title source: llm

Description

Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability."

References (12)

[Issue Tracking, Third Party Advisory] http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html

[Mailing List] http://marc.info/?l=bugtraq&m=122479227205998&w=2

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/497380/100/0/threaded

[Broken Link, Patch, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/31617

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1021047

[Broken Link, Third Party Advisory, US Government Resource] http://www.us-cert.gov/cas/techalerts/TA08-288A.html

[Broken Link] http://www.vupen.com/english/advisories/2008/2809

[Third Party Advisory, VDB Entry] http://www.zerodayinitiative.com/advisories/ZDI-08-069/

[Patch, Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45563

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45565

[Broken Link] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151

Scores

CVSS v3 8.8

EPSS 0.5920

EPSS Percentile 98.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-908

Status draft

Affected Products (4)

microsoft/internet_explorer

microsoft/internet_explorer

microsoft/internet_explorer

microsoft/internet_explorer

Timeline

Published Oct 15, 2008

Tracked Since Feb 18, 2026