CVE-2008-3475
high-risk
Published 2008-10-15
Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability."
Do I need to act?
!
59.2% chance of exploitation in next 30 days
EPSS score — higher than 41% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (4)
Affected Vendors
References (24)
Mailing List
http://marc.info/?l=bugtraq&m=122479227205998&w=2
Broken Link
http://www.securityfocus.com/bid/31617
Broken Link
http://www.securitytracker.com/id?1021047
Third Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-069/
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45563
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45565
Mailing List
http://marc.info/?l=bugtraq&m=122479227205998&w=2
Broken Link
http://www.securityfocus.com/bid/31617
Broken Link
http://www.securitytracker.com/id?1021047
Third Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-069/
and 4 more references
58
/ 100
high-risk
Severity
30/34 · Critical
Exploitability
18/34 · Moderate
Exposure
10/34 · Low