Vulnerabilities > CVE-2008-2254 - Resource Management Errors vulnerability in Microsoft Internet Explorer 6/7
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS08-045.NASL |
description | The remote host is missing the IE cumulative security update 953838. The remote version of IE is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 33874 |
published | 2008-08-13 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/33874 |
title | MS08-045: Cumulative Security Update for Internet Explorer (953838) |
code |
|
Oval
accepted | 2014-08-18T04:06:02.860-04:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
description | Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability." | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:5820 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
submitted | 2008-08-13T09:28:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
title | HTML Object Memory Corruption Vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
version | 74 |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 30614,30611,30612 CVE(CAN) ID: CVE-2008-2254,CVE-2008-2256,CVE-2008-2259 Internet Explorer是微软操作系统中默认捆绑的WEB浏览器。 IE访问尚未正确初始化或已被删除的对象的方式中存在远程执行代码漏洞,在打印预览处理过程中处理参数验证的方式中存在另一个远程执行代码漏洞。攻击者可以通过构建特制的网页来利用该漏洞,当用户查看网页时,该漏洞可能允许远程执行代码。成功利用此漏洞的攻击者可以获得与登录用户相同的用户权限。 Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 5.0.1 SP4 临时解决方法: * 将Internet Explorer配置为在Internet和本地Intranet安全区域中运行ActiveX控件之前进行提示。 * 将Internet 和本地Intranet安全区域设置设为“高”,以便在这些区域中运行ActiveX控件和活动脚本之前进行提示。 * 以纯文本格式阅读电子邮件可帮助保护您免受来自HTML电子邮件攻击媒介的攻击。 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS08-045)以及相应补丁: MS08-045:Cumulative Security Update for Internet Explorer (953838) 链接:<a href=http://www.microsoft.com/technet/security/Bulletin/MS08-045.mspx?pf=true target=_blank>http://www.microsoft.com/technet/security/Bulletin/MS08-045.mspx?pf=true</a> |
id | SSV:3870 |
last seen | 2017-11-19 |
modified | 2008-08-19 |
published | 2008-08-19 |
reporter | Root |
title | Microsoft IE HTML组件处理多个内存破坏漏洞(MS08-045) |
References
- http://marc.info/?l=bugtraq&m=121915960406986&w=2
- http://marc.info/?l=bugtraq&m=121915960406986&w=2
- http://marc.info/?l=bugtraq&m=121915960406986&w=2
- http://marc.info/?l=bugtraq&m=121915960406986&w=2
- http://secunia.com/advisories/31375
- http://secunia.com/advisories/31375
- http://www.securityfocus.com/bid/30614
- http://www.securityfocus.com/bid/30614
- http://www.securitytracker.com/id?1020674
- http://www.securitytracker.com/id?1020674
- http://www.us-cert.gov/cas/techalerts/TA08-225A.html
- http://www.us-cert.gov/cas/techalerts/TA08-225A.html
- http://www.vupen.com/english/advisories/2008/2349
- http://www.vupen.com/english/advisories/2008/2349
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-045
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-045
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5820
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5820