9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.728 High
EPSS
Percentile
97.8%
Added: 12/11/2008
CVE: CVE-2008-4261
BID: 32595
OSVDB: 50610
The HTML embed tag allows developers to embed plug-ins in web pages.
A vulnerability in Internet Explorer allows command execution when a user loads a page containing an embed tag with a src attribute containing a specially crafted filename extension.
Apply the update referenced in Microsoft Security Bulletin 08-073.
<http://www.microsoft.com/technet/security/bulletin/ms08-073.mspx>
Exploit works on Internet Explorer 5.01.
Windows 2000