ID CVE-2008-4259
Summary Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory Corruption Vulnerability."
References
Vulnerable Configurations
  • Microsoft Internet Explorer 5.01 Service Pack 4
    cpe:2.3:a:microsoft:internet_explorer:5.01:sp4
  • Microsoft Windows 2000 Service Pack 4
    cpe:2.3:o:microsoft:windows_2000:-:sp4
  • Microsoft Internet Explorer 6
    cpe:2.3:a:microsoft:internet_explorer:6
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1
    cpe:2.3:o:microsoft:windows_server_2003:-:sp1
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1:itanium
    cpe:2.3:o:microsoft:windows_server_2003:-:sp1:itanium
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1:x64
    cpe:2.3:o:microsoft:windows_server_2003:-:sp1:x64
  • Microsoft Windows Server 2003 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2
  • cpe:2.3:o:microsoft:windows_xp:-:gold:professional_x64
    cpe:2.3:o:microsoft:windows_xp:-:gold:professional_x64
  • Microsoft Windows XP Service Pack 2
    cpe:2.3:o:microsoft:windows_xp:-:sp2
  • cpe:2.3:o:microsoft:windows_xp:-:sp2:professional_x64
    cpe:2.3:o:microsoft:windows_xp:-:sp2:professional_x64
  • Microsoft Windows XP Service Pack 3
    cpe:2.3:o:microsoft:windows_xp:-:sp3
  • Microsoft Internet Explorer 6 SP1
    cpe:2.3:a:microsoft:internet_explorer:6:sp1
  • Microsoft Windows 2000 Service Pack 4
    cpe:2.3:o:microsoft:windows_2000:-:sp4
  • Microsoft Internet Explorer 7
    cpe:2.3:a:microsoft:internet_explorer:7
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1
    cpe:2.3:o:microsoft:windows_server_2003:-:sp1
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1:itanium
    cpe:2.3:o:microsoft:windows_server_2003:-:sp1:itanium
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1:x64
    cpe:2.3:o:microsoft:windows_server_2003:-:sp1:x64
  • Microsoft Windows Server 2003 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2
  • cpe:2.3:o:microsoft:windows_server_2008:-:itanium
    cpe:2.3:o:microsoft:windows_server_2008:-:itanium
  • cpe:2.3:o:microsoft:windows_server_2008:-:x32
    cpe:2.3:o:microsoft:windows_server_2008:-:x32
  • cpe:2.3:o:microsoft:windows_server_2008:-:x64
    cpe:2.3:o:microsoft:windows_server_2008:-:x64
  • Microsoft Windows Vista gold
    cpe:2.3:o:microsoft:windows_vista:-:gold
  • cpe:2.3:o:microsoft:windows_vista:-:gold:x64
    cpe:2.3:o:microsoft:windows_vista:-:gold:x64
  • Microsoft Windows Vista Service Pack 1 (initial release)
    cpe:2.3:o:microsoft:windows_vista:-:sp1
  • Microsoft Windows Vista Service Pack 1 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_vista:-:sp1:x64
  • cpe:2.3:o:microsoft:windows_xp:-:gold:professional_x64
    cpe:2.3:o:microsoft:windows_xp:-:gold:professional_x64
  • Microsoft Windows XP Service Pack 2
    cpe:2.3:o:microsoft:windows_xp:-:sp2
  • cpe:2.3:o:microsoft:windows_xp:-:sp2:professional_x64
    cpe:2.3:o:microsoft:windows_xp:-:sp2:professional_x64
  • Microsoft Windows XP Service Pack 3
    cpe:2.3:o:microsoft:windows_xp:-:sp3
CVSS
Base: 9.3 (as of 10-12-2008 - 17:10)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
msbulletin via4
bulletin_id MS08-073
bulletin_url
date 2008-12-09T00:00:00
impact Remote Code Execution
knowledgebase_id 958215
knowledgebase_url
severity Critical
title Cumulative Security Update for Internet Explorer
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS08-073.NASL
description The remote host is missing the IE cumulative security update 958215. The remote version of IE is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host.
last seen 2019-02-21
modified 2018-11-15
plugin id 35072
published 2008-12-10
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=35072
title MS08-073: Microsoft Internet Explorer Multiple Vulnerabilities (958215)
oval via4
accepted 2014-08-18T04:06:00.933-04:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Pradeep R B
    organization SecPod Technologies
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Internet Explorer 7 is installed
    oval oval:org.mitre.oval:def:627
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows Server 2003 (ia64) Gold is installed
    oval oval:org.mitre.oval:def:396
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Server 2008 (ia-64) is installed
    oval oval:org.mitre.oval:def:5667
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
description Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory Corruption Vulnerability."
family windows
id oval:org.mitre.oval:def:5706
status accepted
submitted 2008-12-09T13:31:00
title HTML Objects Memory Corruption Vulnerability
version 71
refmap via4
bugtraq 20081209 ZDI-08-087: Microsoft Internet Explorer Webdav Request Parsing Heap Corruption Vulnerability
cert TA08-344A
misc
ms MS08-073
sectrack 1021371
vupen ADV-2008-3385
Last major update 07-03-2011 - 00:00
Published 10-12-2008 - 09:00
Last modified 26-02-2019 - 09:04