This host is missing a critical security update according to Microsoft Bulletin MS08-073.
Successful exploitation could result in stack based buffer overflow by sending overly long specially crafted file via web page to corrupt heap memory. Impact Level: System/Application
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://technet.microsoft.com/en-us/security/bulletin/MS08-073
The flaws are due to - error when handling parameters passed to unspecified navigation methods. - error when fetching a file with an overly long path from a WebDAV share. - unspecified use-after-free error. - a boundary error when processing an overly long filename extension specified inside an EMBED tag.
Internet Explorer 7 on MS Windows Vista Internet Explorer 6 on MS Windows 2003 and XP Internet Explorer 7 on MS Windows 2003 and XP Internet Explorer 7 on MS Windows 2008 Server Internet Explorer 5.01 and 6 on MS Windows 2000
Updated on 2015-03-25
CVE CVE-2008-4258, CVE-2008-4259, CVE-2008-4260, CVE-2008-4261
CVSS Base Score: 9.3
- Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881)
- Flaw in Microsoft VM Could Allow Code Execution (810030)
- Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)
- Microsoft DirectShow Remote Code Execution Vulnerability (977935)
- Cumulative Security Update for Internet Explorer (953838)