Summary
This host is missing critical security update according to Microsoft Bulletin MS08-058.
Impact
Successful exploitation could allow attackers to execute arbitrary code via a malicious web page and can gain access to a browser window in another domain leading read cookies or cross domain scripting attacks.
Impact Level: System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms08-058.mspx
Insight
Multiple flaws are due to,
- the browser incorrectly interpreting the origin of scripts when setting the Window location object.
- the browser incorrectly interpreting the origin of scripts when handling certain HTML elements.
- the browser incorrectly interpreting the origin of scripts when handling certain events.
- a memory corruption error when the browser attempts to access an object which has not been initialized or has been deleted.
- a memory corruption error when the browser attempts to access uninitialized memory while processing certain HTML objects.
Affected
Internet Explorer 5.01 & 6 on MS Windows 2000
Internet Explorer 6 on MS Windows 2003 and XP
Internet Explorer 7 on MS Windows 2003 and XP
Internet Explorer 7 on MS Windows 2008 and Vista
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-2947, CVE-2008-3472, CVE-2008-3473, CVE-2008-3474, CVE-2008-3475, CVE-2008-3476 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)
- ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258)
- Cumulative Security Update for Internet Explorer (933566)
- Microsoft Groove Remote Code Execution Vulnerability (2494047)
- Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881)