CVE-2008-3475

Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability."

CVSS Metrics

Affected Products (4)

GitHub Security Advisory GHSA-hj95-cvvq-rc83

Microsoft Internet Explorer 6 does not properly handle errors related to using the...

References (24)

• http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html Issue Tracking, Third Party Advisory
• http://marc.info/?l=bugtraq&m=122479227205998&w=2 Mailing List
• http://www.securityfocus.com/archive/1/497380/100/0/threaded Broken Link, Third Party Advisory, VDB Entry
• http://www.securityfocus.com/bid/31617 Broken Link, Patch, Third Party Advisory, VDB Entry
• http://www.securitytracker.com/id?1021047 Broken Link, Third Party Advisory, VDB Entry
• http://www.us-cert.gov/cas/techalerts/TA08-288A.html Broken Link, Third Party Advisory, US Government Resource
• http://www.vupen.com/english/advisories/2008/2809 Broken Link
• http://www.zerodayinitiative.com/advisories/ZDI-08-069/ Third Party Advisory, VDB Entry
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058 Patch, Vendor Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45563 Third Party Advisory, VDB Entry
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45565 Third Party Advisory, VDB Entry
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151 Broken Link
• http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html Issue Tracking, Third Party Advisory
• http://marc.info/?l=bugtraq&m=122479227205998&w=2 Mailing List
• http://www.securityfocus.com/archive/1/497380/100/0/threaded Broken Link, Third Party Advisory, VDB Entry