CVE-2008-0077

Description

Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability."

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Microsoft / internet_explorer6 – 6
Microsoft / internet_explorer6 – 6
Microsoft / internet_explorer7 – 7

References

MISChttp://www.securityfocus.com/archive/1/488048/100/0/threaded
MAILING_LISThttp://marc.info/?l=bugtraq&m=120361015026386&w=2
MISChttp://www.securityfocus.com/bid/27666
MAILING_LISThttp://marc.info/?l=bugtraq&m=120361015026386&w=2
MISChttp://www.kb.cert.org/vuls/id/228569
VENDOR_ADVISORYhttp://www.zerodayinitiative.com/advisories/ZDI-08-006.html
MISChttp://www.securitytracker.com/id?1019380
MISChttp://www.us-cert.gov/cas/techalerts/TA08-043C.html
MISChttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=661
MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5396
VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2008/0512/references
MISChttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010
VENDOR_ADVISORYhttp://secunia.com/advisories/28903