CVE-2008-4844 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-4844
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-4844

Description: Use-after-free vulnerability in mshtml.dll in Microsoft Internet Explorer 5.01, 6, and 7 on Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a crafted XML document containing nested SPAN elements, as exploited in the wild in December 2008.

CVE Status: Candidate

References: ST 1021381 SAID Secunia Advisory: SA33089 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6007 MS http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx MISC http://www.scanw.com/blog/archives/303 http://isc.sans.org/diary.html?storyid=5458 http://www.avertlabs.com/research/blog/index.php/2008/12/09/yet-another-unpatched-drive-by-exploit-found-on-the-web/ http://www.breakingpointsystems.com/community/blog/patch-tuesdays-and-drive-by-sundays http://blogs.msdn.com/sdl/archive/2008/12/18/ms08-078-and-the-sdl.aspx MILW0RM http://www.milw0rm.com/exploits/7583 http://www.milw0rm.com/exploits/7477 http://www.milw0rm.com/exploits/7410 http://www.milw0rm.com/exploits/7403 HP http://marc.info/?l=bugtraq&m=123015308222620&w=2 CONFIRM http://www.microsoft.com/technet/security/advisory/961051.mspx CERT-VN 493881 CERT http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.us-cert.gov/cas/techalerts/TA08-352A.html BID 32721

Return to the previous page.