| Vulnerability Name: | CVE-2008-4844 (CCN-47208) | ||||||||
| Assigned: | 2008-12-09 | ||||||||
| Published: | 2008-12-09 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 7.3 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
7.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-399 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MISC Type: UNKNOWN http://blogs.msdn.com/sdl/archive/2008/12/18/ms08-078-and-the-sdl.aspx Source: MISC Type: UNKNOWN http://code.google.com/p/inception-h2hc/ Source: MITRE Type: CNA CVE-2008-4844 Source: MISC Type: Exploit http://isc.sans.org/diary.html?storyid=5458 Source: HP Type: UNKNOWN HPSBST02397 Source: CCN Type: SA33089 Internet Explorer Data Binding Memory Corruption Vulnerability Source: SECUNIA Type: Patch, Vendor Advisory 33089 Source: CCN Type: SECTRACK ID: 1021381 Microsoft Internet Explorer DHTML Data Binding Invalid Pointer Reference Bug Lets Remote Users Execute Arbitrary Code Source: CCN Type: NORTEL BULLETIN ID: 2008009253, Rev 1 Nortel Response to Microsoft Security Bulletin MS08-078 Source: CCN Type: McAfee Web site Downloader Trojan Exploits Hole in IE 7 Source: MISC Type: UNKNOWN http://www.avertlabs.com/research/blog/index.php/2008/12/09/yet-another-unpatched-drive-by-exploit-found-on-the-web/ Source: MISC Type: UNKNOWN http://www.breakingpointsystems.com/community/blog/patch-tuesdays-and-drive-by-sundays Source: CCN Type: IBM Internet Security Systems Protection Alert December 11, 2008 Microsoft Internet Explorer Data Binding Code Execution Source: CCN Type: US-CERT VU#493881 Microsoft Internet Explorer data binding memory corruption vulnerability Source: CERT-VN Type: US Government Resource VU#493881 Source: CCN Type: Microsoft Security Advisory (961051) Vulnerability in Internet Explorer Could Allow Remote Code Execution Source: CONFIRM Type: Vendor Advisory http://www.microsoft.com/technet/security/advisory/961051.mspx Source: CCN Type: Microsoft Security Bulletin MS08-078 Security Update for Internet Explorer (960714) Source: CCN Type: Microsoft Security Bulletin MS09-002 Cumulative Security Update for Internet Explorer (961260) Source: CCN Type: Microsoft Security Bulletin MS09-014 Cumulative Security Update for Internet Explorer (963027) Source: CCN Type: Scanw Web site IE70DAY Source: MISC Type: UNKNOWN http://www.scanw.com/blog/archives/303 Source: BID Type: UNKNOWN 32721 Source: CCN Type: BID-32721 Microsoft Internet Explorer XML Handling Remote Code Execution Vulnerability Source: SECTRACK Type: UNKNOWN 1021381 Source: CERT Type: US Government Resource TA08-344A Source: CERT Type: US Government Resource TA08-352A Source: VUPEN Type: Vendor Advisory ADV-2008-3391 Source: MS Type: UNKNOWN MS08-078 Source: XF Type: UNKNOWN ie-data-code-execution(47208) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:6007 Source: EXPLOIT-DB Type: UNKNOWN 7403 Source: EXPLOIT-DB Type: UNKNOWN 7410 Source: EXPLOIT-DB Type: UNKNOWN 7477 Source: EXPLOIT-DB Type: UNKNOWN 7583 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||