CVE-2008-1085

Published: Apr 8, 2008Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler.

Affected (24)

Products: Microsoft: Ie, Internet Explorer

2 products

Internet Explorer

Configuration A

24 vulnerable

Vulnerable Software	Affected Versions
Microsoft Ie	Version 5.01 windows_2000_sp4
Microsoft Ie	Version 6 windows_server_2003_sp1
Microsoft Ie	Version 6 windows_server_2003_sp1_itanium
Microsoft Ie	Version 6 windows_xp_sp2
Microsoft Ie	Version 7
Microsoft Ie	Version 7 windows_server_2003_sp1
Microsoft Ie	Version 7 windows_xp_sp2
Microsoft Internet Explorer	Version 6
Microsoft Internet Explorer	Version 6
Microsoft Internet Explorer	Version 6
Microsoft Internet Explorer	Version 6
Microsoft Internet Explorer	Version 6
Microsoft Internet Explorer	Version 6
Microsoft Internet Explorer	Version 7
Microsoft Internet Explorer	Version 7
Microsoft Internet Explorer	Version 7
Microsoft Internet Explorer	Version 7
Microsoft Internet Explorer	Version 7
Microsoft Internet Explorer	Version 7
Microsoft Internet Explorer	Version 7
Microsoft Internet Explorer	Version 7
Microsoft Internet Explorer	Version 7
Microsoft Internet Explorer	Version 7
Microsoft Internet Explorer	Version 7

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (20)

http://marc.info/?l=bugtraq&m=120845064910729&w=2

Source: secure@microsoft.com

http://secunia.com/advisories/27707

Source: secure@microsoft.com

PatchVendor Advisory

http://secunia.com/secunia_research/2007-100/advisory/

Source: secure@microsoft.com

Vendor Advisory

http://www.securityfocus.com/archive/1/490840/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/bid/28552

Source: secure@microsoft.com

http://www.securitytracker.com/id?1019801

Source: secure@microsoft.com

http://www.us-cert.gov/cas/techalerts/TA08-099A.html

Source: secure@microsoft.com

US Government Resource

http://www.vupen.com/english/advisories/2008/1148/references

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-024

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5563

Source: secure@microsoft.com

http://marc.info/?l=bugtraq&m=120845064910729&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27707

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://secunia.com/secunia_research/2007-100/advisory/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/archive/1/490840/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/28552

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1019801

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA08-099A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2008/1148/references

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-024

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5563

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.