Summary
This host is missing a critical security update according to Microsoft Bulletin MS08-073.
Impact
Successful exploitation could result in a stack-based buffer overflow when an overly long, specially crafted file is sent via a web page, corrupting heap memory.
Impact Level: System/Application
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory from the link below.
http://technet.microsoft.com/en-us/security/bulletin/MS08-073
Insight
The flaws are due to:
- an error when handling parameters passed to unspecified navigation methods.
- an error when fetching a file with an overly long path from a WebDAV share.
- an unspecified use-after-free error.
- a boundary error when processing an overly long filename extension specified inside an EMBED tag.
Affected
Internet Explorer 7 on MS Windows Vista
Internet Explorer 6 on MS Windows 2003 and XP
Internet Explorer 7 on MS Windows 2003 and XP
Internet Explorer 7 on MS Windows 2008 Server
Internet Explorer 5.01 and 6 on MS Windows 2000
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2008-4258, CVE-2008-4259, CVE-2008-4260, CVE-2008-4261
- CVSS Base Score: 9.3
- CVSS Base Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Internet Explorer Multiple Code Execution Vulnerabilities (974455)
- Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)
- Buffer Overrun in Messenger Service (828035)
- Microsoft Foundation Class (MFC) Library Remote Code Execution Vulnerability (2500212)
- Flaw in Microsoft VM Could Allow Code Execution (810030)