Lucene search

[email protected]CVE-2008-4127

HistorySep 18, 2008 - 5:59 p.m.

CVE-2008-4127

2008-09-1817:59:33

CWE-399

[email protected]

web.nvd.nist.gov

cve-2008-4127

mshtml.dll

internet explorer

denial of service

png vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

High

0.048 Low

EPSS

Percentile

92.8%

JSON

Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta 8.0.6001 on Windows XP SP2 allows remote attackers to cause a denial of service (failure of subsequent image rendering) via a crafted PNG file, related to an infinite loop in the CDwnTaskExec::ThreadExec function.

Affected configurations

NVD

Node

microsoftinternet_explorerMatch7.0.5730unknowngold

microsoftinternet_explorerMatch8.0.6001beta

AND

microsoftwindows_xpMatch-sp2

CPENameOperatorVersion
microsoft:internet_explorermicrosoft internet explorereq7.0.5730
microsoft:internet_explorermicrosoft internet explorereq8.0.6001

CPE	Name	Operator	Version
microsoft:internet_explorer	microsoft internet explorer	eq	7.0.5730
microsoft:internet_explorer	microsoft internet explorer	eq	8.0.6001

References

securityreason.com/securityalert/4273

www.securityfocus.com/archive/1/496483/100/0/threaded

www.securityfocus.com/bid/31215

exchange.xforce.ibmcloud.com/vulnerabilities/45225

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

High

0.048 Low

EPSS

Percentile

92.8%

JSON

Related for CVE-2008-4127

prion1 cvelist1 nvd1 openvas2