CVE-2008-1442 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Internet Explorer

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer2 documents2 sources

Severity

9.3CRITICALNVD

EPSS

62.9%

top 1.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer

Timeline

PublishedJun 12

Latest updateMay 1

Description

Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer6, 7+1

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: www.zerodayinitiative.com ↗

🔴Vulnerability Details

GHSA

GHSA-m7fw-rcmw-qw64: Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, relat↗2022-05-01

▶