CVE-2008-1086

CWE-94Code Injection4 documents4 sources
Severity
9.3CRITICAL
EPSS
58.8%
top 1.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Internet ExplorerMicrosoft Windows-nt
Timeline
PublishedApr 8
Latest updateMay 1

Description

The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-2h2x-qrfm-pcx6: The HxTocCtrl ActiveX control (hxvz2022-05-01
CVEList
CVE-2008-1086: The HxTocCtrl ActiveX control (hxvz2008-04-08

💥Exploits & PoCs

1
Exploit-DB
Link Bid Script 1.5 - Multiple SQL Injections2008-09-15
CVE-2008-1086 (CRITICAL CVSS 9.3) | The HxTocCtrl ActiveX control (hxvz | cvebase.io