Executive Summary
Summary | |
---|---|
Title | Security Update of ActiveX Kill Bits (948881) |
Informations | |||
---|---|---|---|
Name | MS08-023 | First vendor Publication | 2008-04-08 |
Vendor | Microsoft | Last vendor Modification | 2008-04-08 |
Severity (Vendor) | Critical | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
This critical security update resolves one privately reported vulnerability for a Microsoft product. This update also includes a kill bit for the Yahoo! Music Jukebox product. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2011-01-10 | Name : Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881) File : nvt/gb_ms08-023.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
44171 | Microsoft Windows HxTocCtrl ActiveX (hxvz.dll) Memory Corruption |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Help 2.0 Contents Control 2 ActiveX function call unicode access RuleID : 13675 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Help 2.0 Contents Control 2 ActiveX function call access RuleID : 13674 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Help 2.0 Contents Control 2 ActiveX clsid unicode access RuleID : 13673 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Help 2.0 Contents Control 2 ActiveX clsid access RuleID : 13672 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Help 2.0 Contents Control ActiveX function call unicode access RuleID : 13671 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Help 2.0 Contents Control ActiveX function call access RuleID : 13670 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Help 2.0 Contents Control ActiveX clsid unicode access RuleID : 13669 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Help 2.0 Contents Control ActiveX clsid access RuleID : 13668 - Revision : 10 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-04-08 | Name : The remote Windows host has an ActiveX control that is affected by multiple b... File : smb_nt_ms08-023.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-04-26 18:00:30 |
|
2014-02-17 11:45:56 |
|
2014-01-19 21:30:11 |
|
2013-05-11 00:49:19 |
|