Vulnerability in N/a
CVE-2008-3475
Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code…
EPSS: 0.592 (98.3th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html (x_refsource_MISC)
- oval:org.mitre.oval:def:13151 (x_refsource_OVAL, signature, vdb-entry)
- ie-uninitialized-objects-code-execution(45563) (vdb-entry, x_refsource_XF)
- 20081015 Internet Explorer 6 componentFromPoint() remote memory disclosure and remote code execution (mailing-list, x_refsource_BUGTRAQ)
- SSRT080143 (x_refsource_HP, vendor-advisory)
- MS08-058 (x_refsource_MS, vendor-advisory)
- ADV-2008-2809 (vdb-entry, x_refsource_VUPEN)
- 1021047 (vdb-entry, x_refsource_SECTRACK)
- www.zerodayinitiative.com/advisories/ZDI-08-069/ (x_refsource_MISC)
- TA08-288A (x_refsource_CERT, third-party-advisory)