Summary
This host is missing critical security update according to Microsoft Bulletin MS08-045.
Impact
Remote attackers could execute remote code on the vulnerable system to gain the same user rights as the logged-on user.
Impact Level : System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/bulletin/ms08-045.mspx
Insight
Multiple flaws are due to,
- uninitialized memory in certain situations.
- an object that has not been correctly initialized or that has been deleted.
- the way it handles argument validation in print preview handling.
Affected
MS Internet Explorer 5.01 & 6 on MS Windows 2000
MS Internet Explorer 6 on MS Windows 2003 and XP
MS Internet Explorer 7 on MS Windows 2003 and XP
MS Internet Explorer 7 on MS Windows 2008 and Vista
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-2254, CVE-2008-2255, CVE-2008-2256, CVE-2008-2257, CVE-2008-2258, CVE-2008-2259 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft DirectShow Remote Code Execution Vulnerability (961373)
- Microsoft Foundation Class (MFC) Library Remote Code Execution Vulnerability (2500212)
- Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2514842)
- Microsoft Wireless LAN AutoConfig Service Remote Code Execution Vulnerability (970710)
- Cumulative Security Update for Internet Explorer (953838)