9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.694 Medium
EPSS
Percentile
98.0%
Added: 08/13/2008
CVE: CVE-2008-2259
BID: 30612
OSVDB: 47414
Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.
A flaw in the handling of validation of arguments by the print preview function in Internet Explorer allows command execution when a user loads a specially crafted web page.
Apply the fix referenced in Microsoft Security Bulletin 08-045.
<http://www.microsoft.com/technet/security/bulletin/MS08-045.mspx>
Exploit works on Microsoft Internet Explorer 6.0.2800.1106 and 6.0.2900.2180 and requires the user to load the exploit page, and then refresh the page.
This exploit requires the ability to bind to port 69/UDP on the SAINTexploit host.
Windows 2000
Windows XP