CVE-2008-2257Out-of-bounds Write in Microsoft Internet Explorer

CWE-3994 documents2 sources
Severity
9.3CRITICALNVD
EPSS
63.0%
top 1.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedAug 13
Latest updateMay 1

Description

Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order," aka "HTML Objects Memory Corruption Vulnerability" or "XHTML Rendering Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2258.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/internet_explorer5.01, 6, 7+2

Patches

Patch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-vf3x-2x5j-w472: Microsoft Internet Explorer 52022-05-01
GHSA
GHSA-2c69-52h7-cm65: Microsoft Internet Explorer 52022-05-01
CVE-2008-2257 — Out-of-bounds Write in Microsoft | cvebase