Vulnerability Description
Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Explorer | 5.01 |
| Microsoft | Windows 2000 | - |
| Microsoft | Windows Server 2003 | - |
| Microsoft | Windows XP | - |
| Microsoft | Windows Server 2008 | - |
| Microsoft | Windows Vista | - |
Related Weaknesses (CWE)
References
- http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html (Issue Tracking, Third Party Advisory)
- http://marc.info/?l=bugtraq&m=122479227205998&w=2 (Mailing List)
- http://www.securityfocus.com/archive/1/497380/100/0/threaded (Broken Link, Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/31617 (Broken Link, Patch, Third Party Advisory)
- http://www.securitytracker.com/id?1021047 (Broken Link, Third Party Advisory, VDB Entry)
- http://www.us-cert.gov/cas/techalerts/TA08-288A.html (Broken Link, Third Party Advisory, US Government Resource)
- http://www.vupen.com/english/advisories/2008/2809 (Broken Link)
- http://www.zerodayinitiative.com/advisories/ZDI-08-069/ (Third Party Advisory, VDB Entry)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-05 (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45563 (Third Party Advisory, VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45565 (Third Party Advisory, VDB Entry)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3 (Broken Link)
FAQ
What is CVE-2008-3475?
CVE-2008-3475 is a vulnerability with a CVSS score of 8.8 (HIGH). Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remo...
How severe is CVE-2008-3475?
CVE-2008-3475 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-3475?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Explorer, Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Windows XP, Microsoft Windows Server 2008.