CVE-2008-4844
Microsoft Internet Explorer (Windows Vista) - XML Parsing Buffer Overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
6Exploited in Wild
-Decision
Descriptions
Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
Una vulnerabilidad de uso de la memoria previamente liberada en la función CRecordInstance::TransferToDestination en la biblioteca mshtml.dll en Internet Explorer de Microsoft versiones 5.01, 6, 6 SP1 y 7, permite a atacantes remotos ejecutar código arbitrario por medio de enlaces DSO involucrando a (1) una Island XML, (2 ) DSOs XML, y (3) Tabular Data Control (TDC) en un documento HTML o XML diseñado, como es demostrado mediante elementos anidados SPAN o MARQUEE, y explotados "in the wild" en diciembre de 2008.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-10-31 CVE Reserved
- 2008-12-11 CVE Published
- 2010-09-20 First Exploit
- 2024-08-07 CVE Updated
- 2024-11-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-399: Resource Management Errors
CAPEC
References (23)
| URL | Tag | Source |
|---|---|---|
| http://blogs.msdn.com/sdl/archive/2008/12/18/ms08-078-and-the-sdl.aspx | X_refsource_misc | |
| http://code.google.com/p/inception-h2hc | X_refsource_misc | |
| http://www.avertlabs.com/research/blog/index.php/2008/12/09/yet-another-unpatched-drive-by-exploit-found-on-the-web | X_refsource_misc | |
| http://www.breakingpointsystems.com/community/blog/patch-tuesdays-and-drive-by-sundays | X_refsource_misc | |
| http://www.kb.cert.org/vuls/id/493881 | Third Party Advisory |
|
| http://www.scanw.com/blog/archives/303 | X_refsource_misc | |
| http://www.securityfocus.com/bid/32721 | Vdb Entry | |
| http://www.securitytracker.com/id?1021381 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA08-344A.html | Third Party Advisory | |
| http://www.us-cert.gov/cas/techalerts/TA08-352A.html | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6007 | Signature | |
| https://web.archive.org/web/20080913064223/http://taossa.com/archive/bh08sotirovdowd.pdf |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/7410 | 2024-08-07 | |
| https://www.exploit-db.com/exploits/7403 | 2024-08-07 | |
| https://www.exploit-db.com/exploits/16583 | 2010-09-20 | |
| http://isc.sans.org/diary.html?storyid=5458 | 2024-08-07 | |
| https://www.exploit-db.com/exploits/7477 | 2024-08-07 | |
| https://www.exploit-db.com/exploits/7583 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/33089 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 5.01 Search vendor "Microsoft" for product "Internet Explorer" and version "5.01" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6 Search vendor "Microsoft" for product "Internet Explorer" and version "6" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6 Search vendor "Microsoft" for product "Internet Explorer" and version "6" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 7 Search vendor "Microsoft" for product "Internet Explorer" and version "7" | - |
Affected
| ||||||