Executive Summary
Summary | |
---|---|
Title | Cumulative Security Update for Internet Explorer (944533) |
Information | |||
---|---|---|---|
Name | MS08-010 | First vendor Publication | 2008-02-12 |
Vendor | Microsoft | Last vendor Modification | 2008-02-12 |
Severity (Vendor) | Critical | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
This critical security update resolves three privately reported and one publicly reported vulnerabilities. The most serious of the vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
25 % | CWE-416 | Use After Free |
25 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:4904 | |||
Oval ID: | oval:org.mitre.oval:def:4904 | ||
Title: | Argument Handling Memory Corruption Vulnerability | ||
Description: | Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-0078 | Version: | 11 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
Definition Id: oval:org.mitre.oval:def:5396 | |||
Oval ID: | oval:org.mitre.oval:def:5396 | ||
Title: | Property Memory Corruption Vulnerability | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-0077 | Version: | 11 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
Definition Id: oval:org.mitre.oval:def:5481 | |||
Oval ID: | oval:org.mitre.oval:def:5481 | ||
Title: | ActiveX Object Memory Corruption Vulnerability | ||
Description: | Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-4790 | Version: | 11 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
Definition Id: oval:org.mitre.oval:def:5487 | |||
Oval ID: | oval:org.mitre.oval:def:5487 | ||
Title: | HTML Rendering Memory Corruption Vulnerability | ||
Description: | Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-0076 | Version: | 11 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
OpenVAS Exploits
Date | Description |
---|---|
2011-01-13 | Name : Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerabi... File : nvt/gb_ms08-010.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
41468 | Microsoft FoxPro ActiveX Web Page Parsing Unspecified Memory Corruption |
41467 | Microsoft IE Image Processing Argument Validation Unspecified Memory Corruption |
41466 | Microsoft IE animateMotion.by SVG Element by Property Memory Corruption |
41465 | Microsoft IE HTML Layout Rendering Unspecified Memory Corruption |
Snort® IPS/IDS
Date | Description |
---|---|
2016-03-14 | Microsoft Visual FoxPro ActiveX clsid access RuleID : 36792 - Revision : 2 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer HTML+TIME animatemotion property memory corruptio... RuleID : 16382 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer isindex buffer overflow attempt RuleID : 16063 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer DXLUTBuilder ActiveX function call unicode access RuleID : 13456 - Revision : 13 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer DXLUTBuilder ActiveX function call access RuleID : 13455 - Revision : 15 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer DXLUTBuilder ActiveX clsid unicode access RuleID : 13454 - Revision : 13 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer DXLUTBuilder ActiveX clsid access RuleID : 13453 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Visual FoxPro foxtlib ActiveX clsid unicode access RuleID : 13452 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Visual FoxPro foxtlib ActiveX clsid access RuleID : 13451 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual FoxPro ActiveX function call unicode access RuleID : 12420 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Visual FoxPro ActiveX function call access RuleID : 12419 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Visual FoxPro ActiveX clsid unicode access RuleID : 12418 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Visual FoxPro ActiveX clsid access RuleID : 12417 - Revision : 15 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-02-12 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms08-010.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:45:53 |
2014-01-19 21:30:10 |
2013-05-11 00:49:17 |