Oval Definition:oval:org.mitre.oval:def:5396
Revision Date:2014-08-25Version:52
Title:Property Memory Corruption Vulnerability
Description:Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2008-0077
Platform(s):Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Internet Explorer
Definition Synopsis
  • IE 6 on Win 2k
  • Microsoft Windows 2000 is installed
  • AND Internet Explorer 6 Service Pack 1 is installed
  • AND the version of mshtml.dll is less than 6.0.2800.1607
  • OR IE 6 on Win XP
  • Microsoft Windows XP (32-bit) is installed
  • AND Microsoft Internet Explorer 6 is installed
  • AND the version of mshtml.dll is less than 6.0.2900.3268
  • OR IE 6 on Win 2003 or Win XP X64
  • Microsoft Internet Explorer 6 is installed
  • AND the version of mshtml.dll is less than 6.0.3790.3064
  • AND Win XP X64/ Win 2K3
  • Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 for Itanium is installed
  • OR Microsoft Windows XP x64 is installed
  • OR IE 6 on Win 2003 / Win XP X64
  • Microsoft Internet Explorer 6 is installed
  • AND the version of mshtml.dll is less than 6.0.3790.4210
  • AND Win XP X64 / Win 2K3
  • Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 for Itanium is installed
  • OR Microsoft Windows XP x64 is installed
  • OR IE 7 on Win 2003 platforms
  • Microsoft Internet Explorer 7 is installed
  • AND Win XP / Win 2K3 and IE 7
  • Microsoft Windows XP is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 for Itanium is installed
  • AND Check for LDR / GDR
  • the version of mshtml.dll is less than 7.0.6000.16608
  • OR Check for LDR
  • Check if the version of mshtml.dll is less than 7.0.6000.20733
  • AND Mshtml.dll version is greater than 7.0.6000.20000
  • OR IE 7 on Win Vista platforms
  • Microsoft Internet Explorer 7 is installed
  • AND Windows Vista 32/ 64 bit
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • AND Check for LDR / GDR
  • the version of mshtml.dll is less than 7.0.6000.16609
  • OR Check for LDR
  • Check if the version of mshtml.dll is less than 7.0.6000.20734
  • AND Mshtml.dll version is greater than 7.0.6000.20000
    • BACK