Vulnerability Description
Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Explorer | 6 |
| Microsoft | Windows 2000 | - |
| Microsoft | Windows 2003 Server | All versions |
| Microsoft | Windows Server 2003 | All versions |
| Microsoft | Windows Xp | All versions |
| Microsoft | Windows Vista | All versions |
Related Weaknesses (CWE)
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=661Broken Link
- http://marc.info/?l=bugtraq&m=120361015026386&w=2Mailing List
- http://secunia.com/advisories/28903Broken LinkVendor Advisory
- http://www.kb.cert.org/vuls/id/228569Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/archive/1/488048/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/27666Broken LinkThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1019380Broken LinkThird Party AdvisoryVDB Entry
- http://www.us-cert.gov/cas/techalerts/TA08-043C.htmlBroken LinkThird Party AdvisoryUS Government Resource
- http://www.vupen.com/english/advisories/2008/0512/referencesBroken LinkVendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-08-006.htmlThird Party AdvisoryVDB Entry
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-01PatchVendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken Link
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=661Broken Link
- http://marc.info/?l=bugtraq&m=120361015026386&w=2Mailing List
- http://secunia.com/advisories/28903Broken LinkVendor Advisory
FAQ
What is CVE-2008-0077?
CVE-2008-0077 is a vulnerability with a CVSS score of 8.8 (HIGH). Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrat...
How severe is CVE-2008-0077?
CVE-2008-0077 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0077?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Explorer, Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows Server 2003, Microsoft Windows Xp.