CVE-2008-1086

2008-04-0823:05:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2008-1086

hxtocctrl

activex control

microsoft

internet explorer

remote code execution

vulnerability

memory corruption

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.838 High

EPSS

Percentile

98.5%

JSON

The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.

CPENameOperatorVersion
microsoft:internet_explorermicrosoft internet explorereq5.01
microsoft:internet_explorermicrosoft internet explorereq6
microsoft:windows_xpmicrosoft windows xpeq*
microsoft:windows_2003_servermicrosoft windows 2003 servereq*
microsoft:windows-ntmicrosoft windows-nteq2008
microsoft:windows_vistamicrosoft windows vistaeq*

CPE	Name	Operator	Version
microsoft:internet_explorer	microsoft internet explorer	eq	5.01
microsoft:internet_explorer	microsoft internet explorer	eq	6
microsoft:windows_xp	microsoft windows xp	eq	*
microsoft:windows_2003_server	microsoft windows 2003 server	eq	*
microsoft:windows-nt	microsoft windows-nt	eq	2008
microsoft:windows_vista	microsoft windows vista	eq	*