Vulnerability Description
The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
| Microsoft | Internet Explorer | 5.01 |
| Microsoft | Windows-Nt | 2008 |
| Microsoft | Windows 2003 Server | All versions |
| Microsoft | Windows Vista | All versions |
| Microsoft | Windows Xp | All versions |
Related Weaknesses (CWE)
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=680Third Party Advisory
- http://marc.info/?l=bugtraq&m=120845064910729&w=2Mailing List
- http://secunia.com/advisories/29714Vendor Advisory
- http://www.securityfocus.com/bid/28606Patch
- http://www.securitytracker.com/id?1019800Third Party AdvisoryVDB Entry
- http://www.us-cert.gov/cas/techalerts/TA08-099A.htmlThird Party AdvisoryUS Government Resource
- http://www.vupen.com/english/advisories/2008/1147/referencesBroken Link
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-02
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41464
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=680Third Party Advisory
- http://marc.info/?l=bugtraq&m=120845064910729&w=2Mailing List
- http://secunia.com/advisories/29714Vendor Advisory
- http://www.securityfocus.com/bid/28606Patch
- http://www.securitytracker.com/id?1019800Third Party AdvisoryVDB Entry
FAQ
What is CVE-2008-1086?
CVE-2008-1086 is a vulnerability with a CVSS score of 9.3 (HIGH). The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to ...
How severe is CVE-2008-1086?
CVE-2008-1086 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1086?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Internet Explorer, Microsoft Windows-Nt, Microsoft Windows 2003 Server, Microsoft Windows Vista.