Summary
This host is missing a critical security update according to Microsoft Bulletin MS08-073.
Impact
Successful exploitation could result in stack based buffer overflow by sending overly long specially crafted file via web page to corrupt heap memory.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link.
http://technet.microsoft.com/en-us/security/bulletin/MS08-073
Insight
The flaws are due to
- error when handling parameters passed to unspecified navigation methods.
- error when fetching a file with an overly long path from a WebDAV share.
- unspecified use-after-free error.
- a boundary error when processing an overly long filename extension specified inside an EMBED tag.
Affected
Internet Explorer 7 on MS Windows Vista
Internet Explorer 6 on MS Windows 2003 and XP
Internet Explorer 7 on MS Windows 2003 and XP
Internet Explorer 7 on MS Windows 2008 Server
Internet Explorer 5.01 and 6 on MS Windows 2000
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-4258, CVE-2008-4259, CVE-2008-4260, CVE-2008-4261 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Consent User Interface Privilege Escalation Vulnerability (2442962)
- Message Queuing Remote Code Execution Vulnerability (951071) - Remote
- Cumulative Security Update for Internet Explorer (958215)
- ADODB.Stream object from Internet Explorer (KB870669)
- Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)