Summary
This host is missing critical security update according to Microsoft Bulletin MS08-045.
Impact
Remote attackers could execute remote code on the vulnerable system to gain the same user rights as the logged-on user.
Impact Level : System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/bulletin/ms08-045.mspx
Insight
Multiple flaws are due to,
- uninitialized memory in certain situations.
- an object that has not been correctly initialized or that has been deleted.
- the way it handles argument validation in print preview handling.
Affected
MS Internet Explorer 5.01 & 6 on MS Windows 2000
MS Internet Explorer 6 on MS Windows 2003 and XP
MS Internet Explorer 7 on MS Windows 2003 and XP
MS Internet Explorer 7 on MS Windows 2008 and Vista
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-2254, CVE-2008-2255, CVE-2008-2256, CVE-2008-2257, CVE-2008-2258, CVE-2008-2259 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft .NET Framework Privilege Elevation Vulnerability (2958732)
- Buffer Overrun in Messenger Service (828035)
- Message Queuing Remote Code Execution Vulnerability (951071)
- Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)
- Microsoft Data Analyzer ActiveX Control Vulnerability (978262)