Microsoft IE componentFromPoint内存破坏漏洞（MS08-058）

BUGTRAQ ID: 31617 CVECAN ID: CVE-2008-3475 Internet Explorer是Windows操作系统中默认捆绑的WEB浏览器。 Internet Explorer在实现暴露给JavaScript的componentFromPoint时允许特定的对象任意控制内存访问。攻击者可以通过构建特制的网页来利用该漏洞，当用户查看网页时，该漏洞可能允许远程执行代码。成功利用此漏洞的攻击者可以获得与登录用户相同的用户权限。 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0...

Internet Explorer 6 componentFromPoint() remote memory disclosure and remote code execution

There is a bug in Internet Explorer 6 JavaScript implementation enabling remote memory disclosure and remote code execution. The vulnerability is caused by improper implementation of componentFromPoint method of xml object. The vulnerability The vulnerability is triggered by errornous behavior of...

CVE-2008-3475

Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been 1 incorrectly initialized or 2 deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory...

Memory corruption

Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been 1 incorrectly initialized or 2 deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory...

CVE-2008-3475

Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been 1 incorrectly initialized or 2 deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory...

PT-2008-4870 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer version 6 Description: The issue arises from improper error handling when using the componentFromPoint method on xml objects that have been incorrectly initialized or deleted, allowing remote attackers to execute...