CVE-2008-1442

Published: Jun 12, 2008Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability."

Affected (2)

Products: Microsoft: Internet Explorer

1 product

Internet Explorer

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 6
Microsoft Internet Explorer	Version 7

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (22)

http://marc.info/?l=bugtraq&m=121380194923597&w=2

Source: secure@microsoft.com

Mailing List

http://secunia.com/advisories/30575

Source: secure@microsoft.com

PatchVendor Advisory

http://securityreason.com/securityalert/3934

Source: secure@microsoft.com

Third Party Advisory

http://securitytracker.com/id?1020225

Source: secure@microsoft.com

Patch

http://www.securityfocus.com/archive/1/493253/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/bid/29556

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

http://www.us-cert.gov/cas/techalerts/TA08-162B.html

Source: secure@microsoft.com

Third Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2008/1778

Source: secure@microsoft.com

Broken Link

http://www.zerodayinitiative.com/advisories/ZDI-08-039/

Source: secure@microsoft.com

PatchTechnical DescriptionThird Party Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-031

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5720

Source: secure@microsoft.com

http://marc.info/?l=bugtraq&m=121380194923597&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://secunia.com/advisories/30575

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://securityreason.com/securityalert/3934

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://securitytracker.com/id?1020225

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/archive/1/493253/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/29556

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.us-cert.gov/cas/techalerts/TA08-162B.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2008/1778

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.zerodayinitiative.com/advisories/ZDI-08-039/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchTechnical DescriptionThird Party Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-031

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5720

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.