Vulnerability In Internet Explorer Could Allow Remote Code Execution (960714) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS08-078.

Impact

Successful exploitation could result in memory corruption via a specially crafted HTML document. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/MS08-078

Insight

The flaw is due to a use-after-free error when HTML elements are bound to the same data source.

Affected

Internet Explorer 5.01 & 6 on MS Windows 2000 Internet Explorer 6 on MS Windows 2003 and XP Internet Explorer 7 on MS Windows 2003 and XP Internet Explorer 7 on MS Windows vista Internet Explorer 7 on MS Windows 2008 server

References

http://technet.microsoft.com/en-us/security/bulletin/MS08-078

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4844

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)
Cumulative Security Update for Internet Explorer (961260)
Buffer Overrun in the ListBox and in the ComboBox (824141)
Microsoft IE Developer Tools WMITools and Windows Messenger ActiveX Control Vulnerability (2508272)
Microsoft .NET Framework Remote Code Execution Vulnerabilities (2878890)

Vulnerability in Internet Explorer Could Allow Remote Code Execution (960714)

Take action and discover your vulnerabilities