CVE-2008-2258
Microsoft Internet Explorer Table Layout Memory Corruption Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order" with "particular functions ... performed on" document objects, aka "HTML Objects Memory Corruption Vulnerability" or "Table Layout Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2257.
Internet Explorer de Microsoft versiones 5.01, 6 y 7, accede a la memoria no inicializada en determinadas condiciones, lo que permite a los atacantes remotos causar una denegación de servicio (bloqueo) y ejecutar código arbitrario por medio de vectores relacionados con un objeto de documento "appended in a specific order" con "particular functions ... performed on", también se conoce como "HTML Objects Memory Corruption Vulnerability" o "Table Layout Memory Corruption Vulnerability", una vulnerabilidad diferente de CVE-2008-2257.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
The specific flaw exists in the handling of document objects. When an object is appended in a specific order and particular functions are performed on these objects memory corruption occurs. Successful exploitation leads to remote compromise of the affected system under the credentials of the currently logged in user.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-05-16 CVE Reserved
- 2008-08-12 CVE Published
- 2024-06-09 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/495431/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/30610 | Vdb Entry | |
| http://www.securitytracker.com/id?1020674 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA08-225A.html | Third Party Advisory | |
| http://www.zerodayinitiative.com/advisories/ZDI-08-051 | X_refsource_misc |
|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6025 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/31375 | 2021-07-23 |
| URL | Date | SRC |
|---|---|---|
| http://marc.info/?l=bugtraq&m=121915960406986&w=2 | 2021-07-23 | |
| http://www.vupen.com/english/advisories/2008/2349 | 2021-07-23 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-045 | 2021-07-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 5.01 Search vendor "Microsoft" for product "Internet Explorer" and version "5.01" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6 Search vendor "Microsoft" for product "Internet Explorer" and version "6" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6 Search vendor "Microsoft" for product "Internet Explorer" and version "6" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6 Search vendor "Microsoft" for product "Internet Explorer" and version "6" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 7 Search vendor "Microsoft" for product "Internet Explorer" and version "7" | - |
Affected
| ||||||