Microsoft Internet Explorer HTML Objects Uninitialized Memory Corruption Vulnerability

2019.05.01

Thierry Zoller (LU)

Risk: High

Local: No

Remote: Yes

CVE: CVE-2008-3476

CWE: CWE-399

CVSS Base Score: 9.3/10

Impact Subscore: 10/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: Complete

Integrity impact: Complete

Availability impact: Complete

A remote code execution vulnerability exists in Internet Explorer due to accesses to uninitialized memory in certain cases of DTML constructs. As 
a result, memory may be corrupted in such a way that an attacker could execute arbitrary code in the context of the logged-on user.

An attacker could exploit the vulnerability by constructing a specially prepared Website, when a user views the Web page, the vulnerability 
could allow remote code execution. An attacker who successfully  exploited this vulnerability could gain the same user rights as the 
logged-on user.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Microsoft Internet Explorer HTML Objects Uninitialized Memory Corruption Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.