Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka “Property Memory Corruption Vulnerability.”
CPE | Name | Operator | Version |
---|---|---|---|
internet_explorer | eq | 6 sp1 | |
internet_explorer | eq | 6 | |
internet_explorer | eq | 7 |
labs.idefense.com/intelligence/vulnerabilities/display.php?id=661
secunia.com/advisories/28903
www.kb.cert.org/vuls/id/228569
www.securityfocus.com/archive/1/488048/100/0/threaded
www.securityfocus.com/bid/27666
www.securitytracker.com/id?1019380
www.us-cert.gov/cas/techalerts/TA08-043C.html
www.vupen.com/english/advisories/2008/0512/references
www.zerodayinitiative.com/advisories/ZDI-08-006.html
docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010
marc.info/?l=bugtraq&m=120361015026386&w=2
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5396