Summary
This host is missing critical security update according to Microsoft Bulletin MS08-058.
Impact
Successful exploitation could allow attackers to execute arbitrary code via a malicious web page and can gain access to a browser window in another domain leading read cookies or cross domain scripting attacks.
Impact Level: System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms08-058.mspx
Insight
Multiple flaws are due to,
- the browser incorrectly interpreting the origin of scripts when setting the Window location object.
- the browser incorrectly interpreting the origin of scripts when handling certain HTML elements.
- the browser incorrectly interpreting the origin of scripts when handling certain events.
- a memory corruption error when the browser attempts to access an object which has not been initialized or has been deleted.
- a memory corruption error when the browser attempts to access uninitialized memory while processing certain HTML objects.
Affected
Internet Explorer 5.01 & 6 on MS Windows 2000
Internet Explorer 6 on MS Windows 2003 and XP
Internet Explorer 7 on MS Windows 2003 and XP
Internet Explorer 7 on MS Windows 2008 and Vista
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-2947, CVE-2008-3472, CVE-2008-3473, CVE-2008-3474, CVE-2008-3475, CVE-2008-3476 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft .NET Common Language Runtime Code Execution Vulnerability (974378)
- Cumulative Security Update for Internet Explorer (972260)
- Microsoft .NET Framework Privilege Elevation Vulnerability (2958732)
- Microsoft Group Policy Remote Code Execution Vulnerability (3000483)
- Microsoft Data Analyzer and IE Developer Tools ActiveX Control Vulnerability (980195)