CVSS: 9.3EPSS: 93%CPEs: 28EXPL: 0CVE-2008-3476
https://notcve.org/view.php?id=CVE-2008-3476
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Objects Memory Corruption Vulnerability." Microsoft Internet Explorer 5.01 SP4 y 6 no gestiona correctamente los errores asociados con el acceso a memoria no inicializada, lo que permite a atacantes remotos ejecutar código de su elección mediante un documento HTML, también conocido como "HTML Objects Memory Corruption Vulnerability (Vulnerabilidad de Corrupción de Memoria de Objetos HTML)". • http://marc.info/?l=bugtraq&m=122479227205998&w=2 http://www.securityfocus.com/bid/31618 http://www.securitytracker.com/id?1021047 http://www.us-cert.gov/cas/techalerts/TA08-288A.html http://www.vupen.com/english/advisories/2008/2809 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058 https://exchange.xforce.ibmcloud.com/vulnerabilities/45564 https://exchange.xforce.ibmcloud.com/vulnerabilities/45565 https://oval.cisecurity.org/repository/search/definition/ova • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 96%CPEs: 28EXPL: 0CVE-2008-3475 – Microsoft Internet Explorer componentFromPoint Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-3475
Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability." Microsoft Internet Explorer 6 no maneja adecuadamente errores asociados con accesos a un objeto que ha sido (1) inicializado incorrectamente o (2) borrado, lo cual permite a atacantes remotos ejecutar código de su elección a través de un documento HTML manipulado, también conocido como "Vulnerabilidad de Corrupción de Memoria no iniciada". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the componentFromPoint() method exposed through JavaScript. A problem in the implementation of this method for a particular object can be used to arbitrarily control memory access. • http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html http://marc.info/?l=bugtraq&m=122479227205998&w=2 http://www.securityfocus.com/archive/1/497380/100/0/threaded http://www.securityfocus.com/bid/31617 http://www.securitytracker.com/id?1021047 http://www.us-cert.gov/cas/techalerts/TA08-288A.html http://www.vupen.com/english/advisories/2008/2809 http://www.zerodayinitiative.com/advisories/ZDI-08-069 https://docs.microsoft.com/en-us/security-updates/ • CWE-908: Use of Uninitialized Resource •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 0CVE-2008-4381
https://notcve.org/view.php?id=CVE-2008-4381
Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters. El navegador Microsoft Internet Explorer v7 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de Javascript que llama a la función alert con una cadena codificada en formato URL de un número largo de caracteres inválidos. • http://securityreason.com/securityalert/4345 http://www.openwall.com/lists/oss-security/2008/10/03/7 http://www.openwall.com/lists/oss-security/2008/10/03/8 http://www.securityfocus.com/archive/1/496830/100/0/threaded http://www.securityfocus.com/archive/1/496926/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/45639 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 58%CPEs: 5EXPL: 0CVE-2008-2255
https://notcve.org/view.php?id=CVE-2008-2255
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Object Memory Corruption Vulnerability." Microsoft Internet Explorer 5.01, 6 y 7 accede a memoria no inicializada, lo que permite a atacantes remotos provocar una denegación de servicio (caída) y ejecutar código de su elección mediante vectores desconocidos, una vulnerabilidad distinta a CVE-2008-2254, también conocida como "HTML Object Memory Corruption Vulnerability (Vulnerabilidad de Corrupción de Memoria de Objeto HTML)". • http://marc.info/?l=bugtraq&m=121915960406986&w=2 http://secunia.com/advisories/31375 http://www.securitytracker.com/id?1020674 http://www.us-cert.gov/cas/techalerts/TA08-225A.html http://www.vupen.com/english/advisories/2008/2349 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-045 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5602 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 79%CPEs: 4EXPL: 0CVE-2008-2254
https://notcve.org/view.php?id=CVE-2008-2254
Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability." Internet Explorer de Microsoft versiones 6 y 7, accede a la memoria no inicializada, lo que permite a los atacantes remotos causar una denegación de servicio (bloqueo) y ejecutar código arbitrario por medio de vectores desconocidos, también se conoce como "HTML Object Memory Corruption Vulnerability". • http://marc.info/?l=bugtraq&m=121915960406986&w=2 http://secunia.com/advisories/31375 http://www.securityfocus.com/bid/30614 http://www.securitytracker.com/id?1020674 http://www.us-cert.gov/cas/techalerts/TA08-225A.html http://www.vupen.com/english/advisories/2008/2349 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-045 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5820 • CWE-399: Resource Management Errors •