Summary
This host is missing critical security update according to Microsoft Bulletin MS08-045.
Impact
Remote attackers could execute remote code on the vulnerable system to gain the same user rights as the logged-on user.
Impact Level : System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/bulletin/ms08-045.mspx
Insight
Multiple flaws are due to,
- uninitialized memory in certain situations.
- an object that has not been correctly initialized or that has been deleted.
- the way it handles argument validation in print preview handling.
Affected
MS Internet Explorer 5.01 & 6 on MS Windows 2000
MS Internet Explorer 6 on MS Windows 2003 and XP
MS Internet Explorer 7 on MS Windows 2003 and XP
MS Internet Explorer 7 on MS Windows 2008 and Vista
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-2254, CVE-2008-2255, CVE-2008-2256, CVE-2008-2257, CVE-2008-2258, CVE-2008-2259 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vulnerabilities (2651026)
- Cumulative Security Update for Internet Explorer (972260)
- Microsoft Bluetooth Stack Remote Code Execution Vulnerability (2566220)
- Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2870699)
- Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)