CVE-2008-0077

Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability."

CVSS v3 8.8 HIGH
CVSS v2.0 9.3 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=661	Broken Link
http://marc.info/?l=bugtraq&m=120361015026386&w=2	Mailing List
http://secunia.com/advisories/28903	Broken Link Vendor Advisory
http://www.kb.cert.org/vuls/id/228569	Third Party Advisory US Government Resource
http://www.securityfocus.com/archive/1/488048/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/27666	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1019380	Broken Link Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA08-043C.html	Broken Link Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2008/0512/references	Broken Link Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-006.html	Third Party Advisory VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010	Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5396	Broken Link

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_2003_server::sp1:itanium:::::
	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp2:itanium:::::
	cpe:2.3:o:microsoft:windows_2003_server:-:sp1::::::
	cpe:2.3:o:microsoft:windows_server_2003::::::::
	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
	cpe:2.3:o:microsoft:windows_xp::sp2::::::*
	cpe:2.3:o:microsoft:windows_xp:-:gold:x64:::::*
	cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*

Configuration 3 (hide)

AND

cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_2003_server::sp1::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp1:itanium:::::
	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp2:itanium:::::
	cpe:2.3:o:microsoft:windows_vista::::::::
	cpe:2.3:o:microsoft:windows_vista:::x64:::::*
	cpe:2.3:o:microsoft:windows_xp::sp2::::::*
	cpe:2.3:o:microsoft:windows_xp:-:gold:x64:::::*
	cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*

History

No history.

Information

Published : 2008-02-12 23:00

Updated : 2024-02-03 02:21

NVD link : CVE-2008-0077

Mitre link : CVE-2008-0077

CVE.ORG link : CVE-2008-0077

JSON object : View

Products Affected

microsoft

windows_server_2003
windows_vista
internet_explorer
windows_2003_server
windows_2000
windows_xp

CWE

CWE-416

Use After Free

{"id": "CVE-2008-0077", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2008-02-12T23:00:00.000", "references": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=661", "tags": ["Broken Link"], "source": "secure@microsoft.com"}, {"url": "http://marc.info/?l=bugtraq&m=120361015026386&w=2", "tags": ["Mailing List"], "source": "secure@microsoft.com"}, {"url": "http://secunia.com/advisories/28903", "tags": ["Broken Link", "Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://www.kb.cert.org/vuls/id/228569", "tags": ["Third Party Advisory", "US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/archive/1/488048/100/0/threaded", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/27666", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id?1019380", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html", "tags": ["Broken Link", "Third Party Advisory", "US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2008/0512/references", "tags": ["Broken Link", "Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-006.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010", "tags": ["Patch", "Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5396", "tags": ["Broken Link"], "source": "secure@microsoft.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka \"Property Memory Corruption Vulnerability.\""}, {"lang": "es", "value": "La vulnerabilidad de Uso de la Memoria Previamente Liberada en Microsoft Internet Explorer versiones 6 SP1, 6 SP2 y 7 permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por la asignaci\u00f3n de valores malformados a determinadas propiedades, como se demuestra mediante la propiedad de un elemento de animateMotion SVG, tambi\u00e9n se conoce como \"Property Memory Corruption Vulnerability\""}], "lastModified": "2024-02-03T02:21:38.997", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "972ADDBC-5D6E-48D5-9DB7-44FE0539807D"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:sp1:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2A0607E7-B416-4AF8-ADF6-6E503627DD29"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "31A64C69-D182-4BEC-BA8A-7B405F5B2FC0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:gold:x64:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "135FCE5E-4296-4D8C-AF7B-84D20CD275EB"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FE8F4276-4D97-480D-A542-FE9982FFD765"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "972ADDBC-5D6E-48D5-9DB7-44FE0539807D"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:gold:x64:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "135FCE5E-4296-4D8C-AF7B-84D20CD275EB"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secure@microsoft.com"}

8.8 /10