CVE-2008-1086

https://notcve.org/view.php?id=CVE-2008-1086

The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption. El HxTocCtrl ActiveX control (hxvz.dll), usado en Microsoft Internet Explorer 5.01 SP4 y 6 SP1, en Windows XP SP2, Server 2003 SP1 y SP2, Vista SP1 y Server 2008, permite a atacantes remotos ejecutar código de su elección a través de argumentos mal formados, lo que dispara una corrupción de memoria. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=680 http://marc.info/?l=bugtraq&m=120845064910729&w=2 http://secunia.com/advisories/29714 http://www.securityfocus.com/bid/28606 http://www.securitytracker.com/id?1019800 http://www.us-cert.gov/cas/techalerts/TA08-099A.html http://www.vupen.com/english/advisories/2008/1147/references https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-023 https://exchange.xforce.ibmcloud.com/vulnerabilities/4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •