Summary
This host is missing critical security update according to Microsoft Bulletin MS08-058.
Impact
Successful exploitation could allow attackers to execute arbitrary code via a malicious web page and can gain access to a browser window in another domain leading read cookies or cross domain scripting attacks.
Impact Level: System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms08-058.mspx
Insight
Multiple flaws are due to,
- the browser incorrectly interpreting the origin of scripts when setting the Window location object.
- the browser incorrectly interpreting the origin of scripts when handling certain HTML elements.
- the browser incorrectly interpreting the origin of scripts when handling certain events.
- a memory corruption error when the browser attempts to access an object which has not been initialized or has been deleted.
- a memory corruption error when the browser attempts to access uninitialized memory while processing certain HTML objects.
Affected
Internet Explorer 5.01 & 6 on MS Windows 2000
Internet Explorer 6 on MS Windows 2003 and XP
Internet Explorer 7 on MS Windows 2003 and XP
Internet Explorer 7 on MS Windows 2008 and Vista
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-2947, CVE-2008-3472, CVE-2008-3473, CVE-2008-3474, CVE-2008-3475, CVE-2008-3476 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2514842)
- Bluetooth Stack Could Allow Remote Code Execution Vulnerability (951376)
- Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
- Microsoft DirectShow Remote Code Execution Vulnerability (2929961)
- Message Queuing Remote Code Execution Vulnerability (951071)