Oval Definition:oval:org.mitre.oval:def:13151
Revision Date:2011-12-05Version:44
Title:Uninitialized Memory Corruption Vulnerability in Internet Explorer
Description:Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2008-3475
Platform(s):Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Internet Explorer 6
Definition Synopsis
  • IE 6 and Win 2KSo4
  • Microsoft Windows 2000 SP4 or later is installed
  • AND Microsoft Internet Explorer 6 is installed
  • AND Mshtml.dll version is less than 6.0.2800.1615
  • OR Win XP SP2 X86 and IE6
  • Microsoft Windows XP (x86) SP2 is installed
  • AND Mshtml.dll version is less than 6.0.2900.3429
  • AND Microsoft Internet Explorer 6 is installed
  • OR Win XP SP2 X86 and IE6
  • Microsoft Windows XP (x86) SP3 is installed
  • AND Mshtml.dll version is less than 6.0.2900.5659
  • AND Microsoft Internet Explorer 6 is installed
  • OR IE6 and Win 2K3 SP1 or Win XP X64 SP1
  • Microsoft Internet Explorer 6 is installed
  • AND Mshtml.dll version is less than 6.0.3790.3194
  • AND Win XP X64 SP1 or Win 2K3 SP1
  • Microsoft Windows XP Professional x64 Edition SP1 is installed
  • OR Microsoft Windows Server 2003 SP1 (x86) is installed
  • OR Microsoft Windows Server 2003 SP1 (x64) is installed
  • OR Microsoft Windows Server 2003 SP1 for Itanium is installed
  • OR Win 2K3 SP2 or Win XP X64 SP2 and IE6
  • Microsoft Internet Explorer 6 is installed
  • AND Mshtml.dll version is less than 6.0.3790.4357
  • AND Win 2K3 SP2 or Win XP X64 Sp2
  • Microsoft Windows Server 2003 SP2 (x86) is installed
  • OR Microsoft Windows Server 2003 SP2 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) SP2 is installed
  • OR Microsoft Windows XP x64 Edition SP2 is installed
  • BACK