Lucene search

[email protected]NVD:CVE-2008-0077

HistoryFeb 12, 2008 - 11:00 p.m.

CVE-2008-0077

2008-02-1223:00:00

CWE-416

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.908

Percentile

98.9%

JSON

Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka “Property Memory Corruption Vulnerability.”

Affected configurations

Nvd

Node

microsoftinternet_explorerMatch6sp1

AND

microsoftwindows_2000Match-sp4

Node

microsoftinternet_explorerMatch6

AND

microsoftwindows_2003_serversp1itanium

microsoftwindows_2003_serversp2

microsoftwindows_2003_serversp2itanium

microsoftwindows_2003_serverMatch-sp1

microsoftwindows_server_2003

microsoftwindows_server_2003sp2

microsoftwindows_xpsp2

microsoftwindows_xpMatch-goldx64

microsoftwindows_xpMatch-sp2x64

Node

microsoftinternet_explorerMatch7

AND

microsoftwindows_2003_serversp1

microsoftwindows_2003_serversp1itanium

microsoftwindows_2003_serversp2

microsoftwindows_2003_serversp2itanium

microsoftwindows_vista

microsoftwindows_vistax64

microsoftwindows_xpsp2

microsoftwindows_xpMatch-goldx64

microsoftwindows_xpMatch-sp2x64

VendorProductVersionCPE
microsoftinternet_explorer6cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
microsoftwindows_2000-cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
microsoftinternet_explorer6cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
microsoftwindows_2003_server-cpe:2.3:o:microsoft:windows_2003_server:-:sp1:*:*:*:*:*:*
microsoftwindows_server_2003*cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
microsoftwindows_server_2003*cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	internet_explorer	6	cpe:2.3:a:microsoft:internet_explorer:6:sp1::::::
microsoft	windows_2000	-	cpe:2.3:o:microsoft:windows_2000:-:sp4::::::
microsoft	internet_explorer	6	cpe:2.3:a:microsoft:internet_explorer:6:::::::*
microsoft	windows_2003_server	*	cpe:2.3:o:microsoft:windows_2003_server::sp1:itanium:::::
microsoft	windows_2003_server	*	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
microsoft	windows_2003_server	*	cpe:2.3:o:microsoft:windows_2003_server::sp2:itanium:::::
microsoft	windows_2003_server	-	cpe:2.3:o:microsoft:windows_2003_server:-:sp1::::::
microsoft	windows_server_2003	*	cpe:2.3:o:microsoft:windows_server_2003::::::::
microsoft	windows_server_2003	*	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp::sp2::::::*

Rows per page:

1-10 of 161

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=661

marc.info/?l=bugtraq&m=120361015026386&w=2

secunia.com/advisories/28903

www.kb.cert.org/vuls/id/228569

www.securityfocus.com/archive/1/488048/100/0/threaded

www.securityfocus.com/bid/27666

www.securitytracker.com/id?1019380

www.us-cert.gov/cas/techalerts/TA08-043C.html

www.vupen.com/english/advisories/2008/0512/references

www.zerodayinitiative.com/advisories/ZDI-08-006.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5396

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.908

Percentile

98.9%

JSON

Related for NVD:CVE-2008-0077

checkpoint_advisories2 cert1 seebug1 prion1 cvelist1 cve1 securityvulns3 zdi1 nessus1