← Back

CVE-2008-3475

nvd nist
Published: Oct 15, 2008Modified: Apr 23, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability."

Affected (4)

Microsoft
1 product
Internet Explorer
Configuration A
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Microsoft
Internet Explorer
Version 5.01 sp4
Internet Explorer
Version 6 sp1
Running on/withPlatform Versions
Microsoft
Windows 2000
All versions
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Internet Explorer
Version 6
Configuration C
1 vulnerable · 13 platform
Vulnerable SoftwareAffected Versions
Internet Explorer
Version 7.0
Running on/withPlatform Versions
Microsoft
Windows Server 2003
All versions
Microsoft
Windows Server 2003
All versions
Microsoft
Windows Server 2003
All versions
Microsoft
Windows Server 2003
All versions
Microsoft
Windows Server 2003
All versions
Microsoft
Windows Server 2003
All versions
Microsoft
Windows Server 2008
All versions
Microsoft
Windows Vista
All versions
Microsoft
Windows Vista
All versions
Microsoft
Windows Xp
All versions
Microsoft
Windows Xp
All versions
Microsoft
Windows Xp
All versions
Microsoft
Windows Xp
All versions

Related CWEs

CWE-908
Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.

References (24)

Source: secure@microsoft.com
Issue TrackingThird Party Advisory
Source: secure@microsoft.com
Mailing List
Source: secure@microsoft.com
Broken LinkThird Party AdvisoryVDB Entry
Source: secure@microsoft.com
Broken LinkPatchThird Party AdvisoryVDB Entry
Source: secure@microsoft.com
Broken LinkThird Party AdvisoryVDB Entry
Source: secure@microsoft.com
Broken LinkThird Party AdvisoryUS Government Resource
Source: secure@microsoft.com
Broken Link
Source: secure@microsoft.com
Third Party AdvisoryVDB Entry
Source: secure@microsoft.com
PatchVendor Advisory
Source: secure@microsoft.com
Third Party AdvisoryVDB Entry
Source: secure@microsoft.com
Third Party AdvisoryVDB Entry
Source: secure@microsoft.com
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkPatchThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link

Timeline

No history available yet.