Oval Definition:oval:org.mitre.oval:def:6007
Revision Date:2014-08-18Version:47
Title:Pointer Reference Memory Corruption Vulnerability
Description:Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2008-4844
Platform(s):Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Internet Explorer
Definition Synopsis
  • IE 6 SP1 and Win 2K
  • Microsoft Windows 2000 is installed
  • AND Microsoft Internet Explorer 6 is installed
  • AND Mshtml.dll version is less than 6.0.2800.1619
  • OR IE 5.01 SP4 and Win 2K
  • Microsoft Windows 2000 is installed
  • AND Microsoft Internet Explorer 5.01 SP4 is installed
  • AND Mshtml.dll version is less than 5.0.3872.1000
  • OR Win XP X86 and IE6
  • Microsoft Windows XP is installed
  • AND Mshtml.dll version is less than 6.0.2900.3492
  • AND Microsoft Internet Explorer 6 is installed
  • OR Win XP X86 and IE6
  • Microsoft Windows XP (32-bit) is installed
  • AND Mshtml.dll version is less than 6.0.2900.5726
  • AND Microsoft Internet Explorer 6 is installed
  • OR Win 2K3 or Win XP X64 and IE6
  • Microsoft Internet Explorer 6 is installed
  • AND Mshtml.dll version is less than 6.0.3790.3261
  • AND Win 2K3 or Win XP X64
  • Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • OR Win 2K3 or Win XP X64 and IE6
  • Microsoft Internet Explorer 6 is installed
  • AND Mshtml.dll version is less than 6.0.3790.4426
  • AND Win 2K3 or Win XP X64
  • Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • OR IE7 and Win 2K3 or Win XP or Vista
  • Microsoft Internet Explorer 7 is installed
  • AND Win XP / Win 2K3 / Win Vista
  • Microsoft Windows XP is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • OR Microsoft Windows Vista is installed
  • OR Microsoft Windows XP x64 is installed
  • AND Check for LDR and GDR
  • Mshtml.dll version is less than 7.0.6000.16788
  • OR Check for LDR
  • Mshtml.dll version is greater than 7.0.6000.20000
  • AND Mshtml.dll version is less than 7.0.6000.20973
  • OR Win 2K8 or Vista and IE7
  • Win 2k8 / Vista
  • Microsoft Windows Server 2008 is installed
  • OR Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • AND Microsoft Internet Explorer 7 is installed
  • AND Check for LDR or GDR
  • Mshtml.dll version is less than 7.0.6001.18183
  • OR Check for LDR
  • Mshtml.dll version is greater than or equal to 7.0.6001.22000
  • AND Mshtml.dll version is less than 7.0.6001.22328
  • OR IE 7 and Vista or Win 2K8
  • Vista / Win 2K8
  • Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • AND Microsoft Internet Explorer 7 is installed
  • AND Check if the version of mshtml.dll is less than 7.0.6002.20611
    • BACK