CVE-2008-3475 Information

Description

Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted which allows remote attackers to execute arbitrary code via a crafted HTML document aka \Uninitialized Memory Corruption Vulnerability.\

Reference

http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html http://marc.info/?l=bugtraq&m=122479227205998&w=2 http://www.securityfocus.com/archive/1/497380/100/0/threaded http://www.securityfocus.com/bid/31617 http://www.securitytracker.com/id?1021047 http://www.us-cert.gov/cas/techalerts/TA08-288A.html http://www.vupen.com/english/advisories/2008/2809 http://www.zerodayinitiative.com/advisories/ZDI-08-069/ https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058 https://exchange.xforce.ibmcloud.com/vulnerabilities/45563 https://exchange.xforce.ibmcloud.com/vulnerabilities/45565 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A13151