Vulnerability Name:

CVE-2008-0077 (CCN-40089)

Assigned:2008-02-12
Published:2008-02-12
Updated:2021-07-23
Summary:Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability."
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-399
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2008-0077

Source: IDEFENSE
Type: UNKNOWN
20080212 Microsoft Internet Explorer Property Memory Corruption Vulnerability

Source: HP
Type: UNKNOWN
HPSBST02314

Source: CCN
Type: SA28903
Microsoft Internet Explorer Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
28903

Source: CCN
Type: SECTRACK ID: 1019380
Microsoft Internet Explorer Property Method Processing Bug Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: ASA-2008-069
MS08-010 Cumulative Security Update for Internet Explorer (944533)

Source: CCN
Type: NORTEL BULLETIN ID: 2008008629, Rev 1
Nortel Response to Microsoft Security Bulletin MS08-010

Source: CCN
Type: US-CERT VU#228569
Microsoft Internet Explorer property memory corruption vulnerability

Source: CERT-VN
Type: US Government Resource
VU#228569

Source: CCN
Type: Microsoft Security Bulletin MS08-010
Cumulative Security Update for Internet Explorer (944533)

Source: CCN
Type: Microsoft Security Bulletin MS08-024
Cumulative Security Update for Internet Explorer (947864)

Source: CCN
Type: Microsoft Security Bulletin MS08-031
Cumulative Security Update for Internet Explorer (950759)

Source: CCN
Type: Microsoft Security Bulletin MS08-045
Cumulative Security Update for Internet Explorer (953838)

Source: CCN
Type: Microsoft Security Bulletin MS08-058
Cumulative Security Update for Internet Explorer (956390)

Source: BUGTRAQ
Type: UNKNOWN
20080213 ZDI-08-006: Microsoft Internet Explorer SVG animateMotion.by Code Execution Vulnerability

Source: BID
Type: UNKNOWN
27666

Source: CCN
Type: BID-27666
Microsoft Internet Explorer Property Method Remote Memory Corruption Vulnerability

Source: SECTRACK
Type: UNKNOWN
1019380

Source: CERT
Type: US Government Resource
TA08-043C

Source: VUPEN
Type: Vendor Advisory
ADV-2008-0512

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-08-006.html

Source: MS
Type: UNKNOWN
MS08-010

Source: XF
Type: UNKNOWN
ie-property-method-code-execution(40089)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 02.12.08
Microsoft Internet Explorer Property Memory Corruption Vulnerability

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5396

Source: CCN
Type: ZDI-08-006
Microsoft Internet Explorer SVG animateMotion.by Code Execution Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:-:gold:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:-:gold:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:-:*:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:5396
    V
    		Property Memory Corruption Vulnerability
    2014-08-25
    BACK
    microsoft internet explorer 6 sp1
    microsoft windows 2000 * sp4
    microsoft internet explorer 6
    microsoft windows server 2003 * sp2
    microsoft windows 2003 server * sp2
    microsoft windows xp * sp2
    microsoft windows xp - sp2
    microsoft windows 2003 server * sp1
    microsoft windows 2003 server * sp2
    microsoft windows server 2003 *
    microsoft windows xp - gold
    microsoft windows 2003 server * sp1
    microsoft internet explorer 7
    microsoft windows xp - sp2
    microsoft windows xp - gold
    microsoft windows 2003 server * sp1
    microsoft windows 2003 server * sp2
    microsoft windows 2003 server * sp2
    microsoft windows xp * sp2
    microsoft windows vista *
    microsoft windows 2003 server * sp1
    microsoft windows vista *
    microsoft ie 6.0
    microsoft ie 6.0 sp1
    microsoft ie 7.0
    microsoft windows 2000 - sp4
    microsoft windows 2003_server
    microsoft windows xp sp2
    microsoft windows 2003_server sp1
    microsoft windows 2003_server sp1_itanium
    microsoft windows vista *
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows vista -
    microsoft windows xp sp2