CVE-2008-3475

Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
microsoftCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
microsoftinternet_explorer
5.01:sp4
microsoftinternet_explorer
7.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html
http://marc.info/?l=bugtraq&m=122479227205998&w=2
http://marc.info/?l=bugtraq&m=122479227205998&w=2
http://www.securityfocus.com/archive/1/497380/100/0/threaded
http://www.securityfocus.com/bid/31617
http://www.securitytracker.com/id?1021047
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
http://www.vupen.com/english/advisories/2008/2809
http://www.zerodayinitiative.com/advisories/ZDI-08-069/
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058
https://exchange.xforce.ibmcloud.com/vulnerabilities/45563
https://exchange.xforce.ibmcloud.com/vulnerabilities/45565
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151
http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html
http://marc.info/?l=bugtraq&m=122479227205998&w=2
http://marc.info/?l=bugtraq&m=122479227205998&w=2
http://www.securityfocus.com/archive/1/497380/100/0/threaded
http://www.securityfocus.com/bid/31617
http://www.securitytracker.com/id?1021047
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
http://www.vupen.com/english/advisories/2008/2809
http://www.zerodayinitiative.com/advisories/ZDI-08-069/
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058
https://exchange.xforce.ibmcloud.com/vulnerabilities/45563
https://exchange.xforce.ibmcloud.com/vulnerabilities/45565
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151