CVE-2008-3475 - Vulnerability Details

Vendors	Products
Microsoft	Internet Explorer Windows 2000 Windows Server 2003 Windows Server 2008 Windows Vista Windows Xp

Link	Providers
http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html
http://marc.info/?l=bugtraq&m=122479227205998&w=2
http://www.securityfocus.com/archive/1/497380/100/0/threaded
http://www.securityfocus.com/bid/31617
http://www.securitytracker.com/id?1021047
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
http://www.vupen.com/english/advisories/2008/2809
http://www.zerodayinitiative.com/advisories/ZDI-08-069/
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058
https://exchange.xforce.ibmcloud.com/vulnerabilities/45563
https://exchange.xforce.ibmcloud.com/vulnerabilities/45565
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-10-14T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka \"Uninitialized Memory Corruption Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html"}, {"name": "oval:org.mitre.oval:def:13151", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151"}, {"name": "ie-uninitialized-objects-code-execution(45563)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45563"}, {"name": "20081015 Internet Explorer 6 componentFromPoint() remote memory disclosure and remote code execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/497380/100/0/threaded"}, {"name": "SSRT080143", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"name": "MS08-058", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058"}, {"name": "ADV-2008-2809", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2809"}, {"name": "1021047", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021047"}, {"name": "HPSBST02379", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-069/"}, {"name": "TA08-288A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"}, {"name": "win-ms08kb956390-update(45565)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45565"}, {"name": "31617", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31617"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2008-3475", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka \"Uninitialized Memory Corruption Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html", "refsource": "MISC", "url": "http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html"}, {"name": "oval:org.mitre.oval:def:13151", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151"}, {"name": "ie-uninitialized-objects-code-execution(45563)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45563"}, {"name": "20081015 Internet Explorer 6 componentFromPoint() remote memory disclosure and remote code execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497380/100/0/threaded"}, {"name": "SSRT080143", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"name": "MS08-058", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058"}, {"name": "ADV-2008-2809", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2809"}, {"name": "1021047", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021047"}, {"name": "HPSBST02379", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-069/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-069/"}, {"name": "TA08-288A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"}, {"name": "win-ms08kb956390-update(45565)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45565"}, {"name": "31617", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31617"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:37:27.036Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html"}, {"name": "oval:org.mitre.oval:def:13151", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151"}, {"name": "ie-uninitialized-objects-code-execution(45563)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45563"}, {"name": "20081015 Internet Explorer 6 componentFromPoint() remote memory disclosure and remote code execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/497380/100/0/threaded"}, {"name": "SSRT080143", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"name": "MS08-058", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058"}, {"name": "ADV-2008-2809", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2809"}, {"name": "1021047", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1021047"}, {"name": "HPSBST02379", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-069/"}, {"name": "TA08-288A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"}, {"name": "win-ms08kb956390-update(45565)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45565"}, {"name": "31617", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31617"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2008-3475", "datePublished": "2008-10-15T00:00:00", "dateReserved": "2008-08-04T00:00:00", "dateUpdated": "2024-08-07T09:37:27.036Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2008-10-14T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability." (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-10-12T19:57:01 (string)

orgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

shortName : microsoft (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html (string)

}

1 : { »

name : oval:org.mitre.oval:def:13151 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151 (string)

}

2 : { »

name : ie-uninitialized-objects-code-execution(45563) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/45563 (string)

}

3 : { »

name : 20081015 Internet Explorer 6 componentFromPoint() remote memory disclosure and remote code execution (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://www.securityfocus.com/archive/1/497380/100/0/threaded (string)

}

4 : { »

name : SSRT080143 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

]

url : http://marc.info/?l=bugtraq&m=122479227205998&w=2 (string)

}

5 : { »

name : MS08-058 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MS (string)

]

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058 (string)

}

6 : { »

name : ADV-2008-2809 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

]

url : http://www.vupen.com/english/advisories/2008/2809 (string)

}

7 : { »

name : 1021047 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id?1021047 (string)

}

8 : { »

name : HPSBST02379 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

]

url : http://marc.info/?l=bugtraq&m=122479227205998&w=2 (string)

}

9 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://www.zerodayinitiative.com/advisories/ZDI-08-069/ (string)

}

10 : { »

name : TA08-288A (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA08-288A.html (string)

}

11 : { »

name : win-ms08kb956390-update(45565) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/45565 (string)

}

12 : { »

name : 31617 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/31617 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secure@microsoft.com (string)

ID : CVE-2008-3475 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability." (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html (string)

refsource : MISC (string)

url : http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html (string)

}

1 : { »

name : oval:org.mitre.oval:def:13151 (string)

refsource : OVAL (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151 (string)

}

2 : { »

name : ie-uninitialized-objects-code-execution(45563) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/45563 (string)

}

3 : { »

name : 20081015 Internet Explorer 6 componentFromPoint() remote memory disclosure and remote code execution (string)

refsource : BUGTRAQ (string)

url : http://www.securityfocus.com/archive/1/497380/100/0/threaded (string)

}

4 : { »

name : SSRT080143 (string)

refsource : HP (string)

url : http://marc.info/?l=bugtraq&m=122479227205998&w=2 (string)

}

5 : { »

name : MS08-058 (string)

refsource : MS (string)

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058 (string)

}

6 : { »

name : ADV-2008-2809 (string)

refsource : VUPEN (string)

url : http://www.vupen.com/english/advisories/2008/2809 (string)

}

7 : { »

name : 1021047 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id?1021047 (string)

}

8 : { »

name : HPSBST02379 (string)

refsource : HP (string)

url : http://marc.info/?l=bugtraq&m=122479227205998&w=2 (string)

}

9 : { »

name : http://www.zerodayinitiative.com/advisories/ZDI-08-069/ (string)

refsource : MISC (string)

url : http://www.zerodayinitiative.com/advisories/ZDI-08-069/ (string)

}

10 : { »

name : TA08-288A (string)

refsource : CERT (string)

url : http://www.us-cert.gov/cas/techalerts/TA08-288A.html (string)

}

11 : { »

name : win-ms08kb956390-update(45565) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/45565 (string)

}

12 : { »

name : 31617 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/31617 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-07T09:37:27.036Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html (string)

}

1 : { »

name : oval:org.mitre.oval:def:13151 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

3 : x_transferred (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151 (string)

}

2 : { »

name : ie-uninitialized-objects-code-execution(45563) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/45563 (string)

}

3 : { »

name : 20081015 Internet Explorer 6 componentFromPoint() remote memory disclosure and remote code execution (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/archive/1/497380/100/0/threaded (string)

}

4 : { »

name : SSRT080143 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

2 : x_transferred (string)

]

url : http://marc.info/?l=bugtraq&m=122479227205998&w=2 (string)

}

5 : { »

name : MS08-058 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MS (string)

2 : x_transferred (string)

]

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058 (string)

}

6 : { »

name : ADV-2008-2809 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

2 : x_transferred (string)

]

url : http://www.vupen.com/english/advisories/2008/2809 (string)

}

7 : { »

name : 1021047 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id?1021047 (string)

}

8 : { »

name : HPSBST02379 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

2 : x_transferred (string)

]

url : http://marc.info/?l=bugtraq&m=122479227205998&w=2 (string)

}

9 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://www.zerodayinitiative.com/advisories/ZDI-08-069/ (string)

}

10 : { »

name : TA08-288A (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT (string)

2 : x_transferred (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA08-288A.html (string)

}

11 : { »

name : win-ms08kb956390-update(45565) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/45565 (string)

}

12 : { »

name : 31617 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/31617 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

assignerShortName : microsoft (string)

cveId : CVE-2008-3475 (string)

datePublished : 2008-10-15T00:00:00 (string)

dateReserved : 2008-08-04T00:00:00 (string)

dateUpdated : 2024-08-07T09:37:27.036Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*", "matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:-:*:*:*:*:*:*", "matchCriteriaId": "0C69B5E6-D1AF-46F1-8AE6-DD5D4E3D9160", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:*", "matchCriteriaId": "E3C43D05-40F8-4769-BA6B-A376420EA972", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "43D64F8D-975A-4A5B-BEDF-D27D65C96A29", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:-:*:itanium:*", "matchCriteriaId": "8856A97B-4C43-45E5-B1DB-89EB9C350265", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "1D929AA2-EE0B-4AA1-805D-69BCCA11B77F", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*", "matchCriteriaId": "9F98AE07-3995-4501-9804-FEA5A87ADFAD", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*", "matchCriteriaId": "A7371547-290D-4D0D-B98D-CA28B4D2E8B0", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:professional:*:x64:*", "matchCriteriaId": "18420EC8-633E-4AED-B33F-5A3C673C396D", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*", "matchCriteriaId": "C6109348-BC79-4ED3-8D41-EA546A540C79", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*", "matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:*", "matchCriteriaId": "E3C43D05-40F8-4769-BA6B-A376420EA972", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "43D64F8D-975A-4A5B-BEDF-D27D65C96A29", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:-:*:itanium:*", "matchCriteriaId": "8856A97B-4C43-45E5-B1DB-89EB9C350265", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "1D929AA2-EE0B-4AA1-805D-69BCCA11B77F", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*", "matchCriteriaId": "9F98AE07-3995-4501-9804-FEA5A87ADFAD", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*", "matchCriteriaId": "A7371547-290D-4D0D-B98D-CA28B4D2E8B0", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*", "matchCriteriaId": "32623D48-7000-4C7D-823F-7D2A9841D88C", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CAEEA81-5037-4B68-98D9-83AAEBC98E20", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "3A04E39A-623E-45CA-A5FC-25DAA0F275A3", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:professional:*:x64:*", "matchCriteriaId": "18420EC8-633E-4AED-B33F-5A3C673C396D", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*", "matchCriteriaId": "C6109348-BC79-4ED3-8D41-EA546A540C79", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*", "matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka \"Uninitialized Memory Corruption Vulnerability.\""}, {"lang": "es", "value": "Microsoft Internet Explorer 6 no maneja adecuadamente errores asociados con accesos a un objeto que ha sido (1) inicializado incorrectamente o (2) borrado, lo cual permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento HTML manipulado, tambi\u00e9n conocido como \"Vulnerabilidad de Corrupci\u00f3n de Memoria no iniciada\"."}], "id": "CVE-2008-3475", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2008-10-15T00:12:15.833", "references": [{"source": "secure@microsoft.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html"}, {"source": "secure@microsoft.com", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"source": "secure@microsoft.com", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"source": "secure@microsoft.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/497380/100/0/threaded"}, {"source": "secure@microsoft.com", "tags": ["Broken Link", "Patch", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/31617"}, {"source": "secure@microsoft.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1021047"}, {"source": "secure@microsoft.com", "tags": ["Broken Link", "Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"}, {"source": "secure@microsoft.com", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2008/2809"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-069/"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45563"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45565"}, {"source": "secure@microsoft.com", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/497380/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Patch", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/31617"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1021047"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2008/2809"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-069/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45563"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45565"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:* (string)

matchCriteriaId : F3F2A51E-2675-4993-B9C2-F2D176A92857 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:* (string)

matchCriteriaId : D47247A3-7CD7-4D67-9D9B-A94A504DA1BE (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:* (string)

matchCriteriaId : CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:internet_explorer:6:-:*:*:*:*:*:* (string)

matchCriteriaId : 0C69B5E6-D1AF-46F1-8AE6-DD5D4E3D9160 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:* (string)

matchCriteriaId : E3C43D05-40F8-4769-BA6B-A376420EA972 (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:* (string)

matchCriteriaId : 43D64F8D-975A-4A5B-BEDF-D27D65C96A29 (string)

vulnerable : false (boolean)

}

2 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:-:*:itanium:* (string)

matchCriteriaId : 8856A97B-4C43-45E5-B1DB-89EB9C350265 (string)

vulnerable : false (boolean)

}

3 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:* (string)

matchCriteriaId : 1D929AA2-EE0B-4AA1-805D-69BCCA11B77F (string)

vulnerable : false (boolean)

}

4 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:* (string)

matchCriteriaId : 9F98AE07-3995-4501-9804-FEA5A87ADFAD (string)

vulnerable : false (boolean)

}

5 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:* (string)

matchCriteriaId : A7371547-290D-4D0D-B98D-CA28B4D2E8B0 (string)

vulnerable : false (boolean)

}

6 : { »

criteria : cpe:2.3:o:microsoft:windows_xp:-:*:*:*:professional:*:x64:* (string)

matchCriteriaId : 18420EC8-633E-4AED-B33F-5A3C673C396D (string)

vulnerable : false (boolean)

}

7 : { »

criteria : cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:* (string)

matchCriteriaId : 34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3 (string)

vulnerable : false (boolean)

}

8 : { »

criteria : cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:* (string)

matchCriteriaId : C6109348-BC79-4ED3-8D41-EA546A540C79 (string)

vulnerable : false (boolean)

}

9 : { »

criteria : cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:* (string)

matchCriteriaId : C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 6BC71FD8-D385-4507-BD14-B75FDD4C79E6 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:* (string)

matchCriteriaId : E3C43D05-40F8-4769-BA6B-A376420EA972 (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:* (string)

matchCriteriaId : 43D64F8D-975A-4A5B-BEDF-D27D65C96A29 (string)

vulnerable : false (boolean)

}

2 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:-:*:itanium:* (string)

matchCriteriaId : 8856A97B-4C43-45E5-B1DB-89EB9C350265 (string)

vulnerable : false (boolean)

}

3 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:* (string)

matchCriteriaId : 1D929AA2-EE0B-4AA1-805D-69BCCA11B77F (string)

vulnerable : false (boolean)

}

4 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:* (string)

matchCriteriaId : 9F98AE07-3995-4501-9804-FEA5A87ADFAD (string)

vulnerable : false (boolean)

}

5 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:* (string)

matchCriteriaId : A7371547-290D-4D0D-B98D-CA28B4D2E8B0 (string)

vulnerable : false (boolean)

}

6 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 32623D48-7000-4C7D-823F-7D2A9841D88C (string)

vulnerable : false (boolean)

}

7 : { »

criteria : cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 7CAEEA81-5037-4B68-98D9-83AAEBC98E20 (string)

vulnerable : false (boolean)

}

8 : { »

criteria : cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:* (string)

matchCriteriaId : 3A04E39A-623E-45CA-A5FC-25DAA0F275A3 (string)

vulnerable : false (boolean)

}

9 : { »

criteria : cpe:2.3:o:microsoft:windows_xp:-:*:*:*:professional:*:x64:* (string)

matchCriteriaId : 18420EC8-633E-4AED-B33F-5A3C673C396D (string)

vulnerable : false (boolean)

}

10 : { »

criteria : cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:* (string)

matchCriteriaId : 34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3 (string)

vulnerable : false (boolean)

}

11 : { »

criteria : cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:* (string)

matchCriteriaId : C6109348-BC79-4ED3-8D41-EA546A540C79 (string)

vulnerable : false (boolean)

}

12 : { »

criteria : cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:* (string)

matchCriteriaId : C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability." (string)

}

1 : { »

lang : es (string)

value : Microsoft Internet Explorer 6 no maneja adecuadamente errores asociados con accesos a un objeto que ha sido (1) inicializado incorrectamente o (2) borrado, lo cual permite a atacantes remotos ejecutar código de su elección a través de un documento HTML manipulado, también conocido como "Vulnerabilidad de Corrupción de Memoria no iniciada". (string)

}

]

id : CVE-2008-3475 (string)

lastModified : 2025-04-09T00:30:58.490 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 9.3 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:M/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 10 (number)

obtainAllPrivilege : true (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2008-10-15T00:12:15.833 (string)

references : [ »

0 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : Issue Tracking (string)

1 : Third Party Advisory (string)

]

url : http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html (string)

}

1 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : Mailing List (string)

]

url : http://marc.info/?l=bugtraq&m=122479227205998&w=2 (string)

}

2 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : Mailing List (string)

]

url : http://marc.info/?l=bugtraq&m=122479227205998&w=2 (string)

}

3 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : Broken Link (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : http://www.securityfocus.com/archive/1/497380/100/0/threaded (string)

}

4 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : Broken Link (string)

1 : Patch (string)

2 : Third Party Advisory (string)

3 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/31617 (string)

}

5 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : Broken Link (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : http://www.securitytracker.com/id?1021047 (string)

}

6 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : Broken Link (string)

1 : Third Party Advisory (string)

2 : US Government Resource (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA08-288A.html (string)

}

7 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : Broken Link (string)

]

url : http://www.vupen.com/english/advisories/2008/2809 (string)

}

8 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.zerodayinitiative.com/advisories/ZDI-08-069/ (string)

}

9 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058 (string)

}

10 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/45563 (string)

}

11 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/45565 (string)

}

12 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : Broken Link (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Third Party Advisory (string)

]

url : http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

]

url : http://marc.info/?l=bugtraq&m=122479227205998&w=2 (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

]

url : http://marc.info/?l=bugtraq&m=122479227205998&w=2 (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : http://www.securityfocus.com/archive/1/497380/100/0/threaded (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

1 : Patch (string)

2 : Third Party Advisory (string)

3 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/31617 (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : http://www.securitytracker.com/id?1021047 (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

1 : Third Party Advisory (string)

2 : US Government Resource (string)

]

url : http://www.us-cert.gov/cas/techalerts/TA08-288A.html (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : http://www.vupen.com/english/advisories/2008/2809 (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.zerodayinitiative.com/advisories/ZDI-08-069/ (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058 (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/45563 (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/45565 (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151 (string)

}

]

sourceIdentifier : secure@microsoft.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-908 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object