Vulnerability Name:

CVE-2008-3475 (CCN-45563)

Assigned:2008-10-14
Published:2008-10-14
Updated:2019-02-26
Summary:Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability."
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-399
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2008-3475

Source: MISC
Type: UNKNOWN
http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html

Source: HP
Type: UNKNOWN
SSRT080143

Source: CCN
Type: SECTRACK ID: 1021047
Microsoft Internet Explorer Flaws Permit Cross-Domain Scripting Attacks and Let Remote Users Execute Arbitrary Code

Source: CCN
Type: ASA-2008-411
MS08-058 Cumulative Security Update for Internet Explorer (956390)

Source: CCN
Type: NORTEL BULLETIN ID: 2008009123, Rev 1
Nortel Response to Microsoft Security Bulletin MS08-058

Source: CCN
Type: Microsoft Security Bulletin MS08-058
Cumulative Security Update for Internet Explorer (956390)

Source: CCN
Type: Microsoft Security Bulletin MS08-073
Cumulative Security Update for Internet Explorer (958215)

Source: CCN
Type: Microsoft Security Bulletin MS09-002
Cumulative Security Update for Internet Explorer (961260)

Source: CCN
Type: Microsoft Security Bulletin MS09-014
Cumulative Security Update for Internet Explorer (963027)

Source: BUGTRAQ
Type: UNKNOWN
20081015 Internet Explorer 6 componentFromPoint() remote memory disclosure and remote code execution

Source: BID
Type: Patch
31617

Source: CCN
Type: BID-31617
Microsoft Internet Explorer Uninitialized Object Remote Memory Corruption Vulnerability

Source: SECTRACK
Type: UNKNOWN
1021047

Source: CERT
Type: US Government Resource
TA08-288A

Source: VUPEN
Type: UNKNOWN
ADV-2008-2809

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-08-069/

Source: MS
Type: UNKNOWN
MS08-058

Source: XF
Type: UNKNOWN
ie-uninitialized-objects-code-execution(45563)

Source: XF
Type: UNKNOWN
ie-uninitialized-objects-code-execution(45563)

Source: XF
Type: UNKNOWN
win-ms08kb956390-update(45565)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:13151

Source: CCN
Type: ZDI-08-069
Microsoft Internet Explorer componentFromPoint Memory Corruption Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp1:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp1:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:gold:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:13151
    V
    		Uninitialized Memory Corruption Vulnerability in Internet Explorer
    2011-12-05
    BACK
    microsoft internet explorer 5.01 sp4
    microsoft windows 2000 * sp4
    microsoft internet explorer 6
    microsoft windows server 2003 * sp1
    microsoft windows server 2003 * sp1
    microsoft windows server 2003 * sp1
    microsoft windows server 2003 * sp2
    microsoft windows xp * gold
    microsoft windows xp * sp2
    microsoft windows xp * sp2
    microsoft windows xp * sp3
    microsoft internet explorer 6 sp1
    microsoft windows 2000 * sp4
    microsoft internet explorer 7
    microsoft windows server 2003 * sp1
    microsoft windows server 2003 * sp1
    microsoft windows server 2003 * sp1
    microsoft windows server 2003 * sp2
    microsoft windows server 2008 *
    microsoft windows server 2008 *
    microsoft windows server 2008 *
    microsoft windows vista * gold
    microsoft windows vista * gold
    microsoft windows vista * sp1
    microsoft windows vista * sp1
    microsoft windows xp * gold
    microsoft windows xp * sp2
    microsoft windows xp * sp2
    microsoft windows xp * sp3
    microsoft ie 6.0
    microsoft ie 6.0 sp1
    microsoft windows 2000 - sp4
    microsoft windows 2003_server
    microsoft windows xp sp2
    microsoft windows 2003_server sp1
    microsoft windows 2003_server sp1_itanium
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows xp sp2
    microsoft windows xp sp3