ID CVE-2008-2255
Summary Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Object Memory Corruption Vulnerability."
References
Vulnerable Configurations
  • Microsoft Internet Explorer 5.01
    cpe:2.3:a:microsoft:ie:5.01
  • Microsoft Internet Explorer 6
    cpe:2.3:a:microsoft:ie:6
  • Microsoft Internet Explorer 7
    cpe:2.3:a:microsoft:ie:7
  • Microsoft Internet Explorer 6 SP1
    cpe:2.3:a:microsoft:internet_explorer:6:sp1
  • cpe:2.3:a:microsoft:internet_explorer:6:sp2
    cpe:2.3:a:microsoft:internet_explorer:6:sp2
CVSS
Base: 9.3 (as of 13-08-2008 - 14:53)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS08-045.NASL
description The remote host is missing the IE cumulative security update 953838. The remote version of IE is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host.
last seen 2019-02-21
modified 2018-11-15
plugin id 33874
published 2008-08-13
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=33874
title MS08-045: Cumulative Security Update for Internet Explorer (953838)
oval via4
accepted 2014-08-18T04:05:59.772-04:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Pooja Shetty
    organization SecPod Technologies
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Windows 2000 is installed
    oval oval:org.mitre.oval:def:85
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows 2000 is installed
    oval oval:org.mitre.oval:def:85
  • comment Microsoft Internet Explorer 5.01 SP4 is installed
    oval oval:org.mitre.oval:def:325
  • comment Microsoft Windows XP is installed
    oval oval:org.mitre.oval:def:105
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Microsoft Internet Explorer 7 is installed
    oval oval:org.mitre.oval:def:627
  • comment Microsoft Windows XP is installed
    oval oval:org.mitre.oval:def:105
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Windows Server 2003 (ia64) Gold is installed
    oval oval:org.mitre.oval:def:396
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows Server 2003 (ia64) Gold is installed
    oval oval:org.mitre.oval:def:396
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Windows Server 2003 (ia64) Gold is installed
    oval oval:org.mitre.oval:def:396
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Vista is installed
    oval oval:org.mitre.oval:def:228
  • comment Microsoft Internet Explorer 7 is installed
    oval oval:org.mitre.oval:def:627
  • comment Microsoft Internet Explorer 7 is installed
    oval oval:org.mitre.oval:def:627
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Server 2008 (ia-64) is installed
    oval oval:org.mitre.oval:def:5667
description Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Object Memory Corruption Vulnerability."
family windows
id oval:org.mitre.oval:def:5602
status accepted
submitted 2008-08-13T09:28:00
title HTML Objects Memory Corruption Vulnerability
version 71
refmap via4
cert TA08-225A
hp
  • HPSBST02360
  • SSRT080117
ms MS08-045
sectrack 1020674
secunia 31375
vupen ADV-2008-2349
Last major update 07-03-2011 - 22:08
Published 13-08-2008 - 08:42
Last modified 12-10-2018 - 17:47
Back to Top