Name: MS.IE.DOM.SubstringData.Buffer.Overflow
Released Date: Jun 10 2008
Severity: critical
CVE: 2008-1442
MS Bulletin: ms08-031
Bugtraq: 29556



In-Depth Analysis

Description
This indicates an attempt to exploit a heap-overrun vulnerability in Microsoft Internet Explorer.

A remote code-execution vulnerability exists in the way Internet Explorer displays a web page that contains certain unexpected method calls to HTML objects. An attacker could exploit the vulnerability by constructing a specially crafted web page. When a user views the web page, the vulnerability could allow remote code execution. An attacker who successfully exploits this vulnerability could gain the same user rights as the logged-on user.
 
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
 
Affected Products
Internet Explorer 6 SP1 when installed on Microsoft Windows 2000 SP4
Internet Explorer 6 for Windows XP SP2 and SP3
Internet Explorer 6 for Windows XP Professional x64 Edition and SP2
Internet Explorer 6 for Windows Server 2003 SP1 and SP2
Internet Explorer 6 for Windows Server 2003 x64 Edition and SP2
Internet Explorer 6 for Windows Server 2003 with SP1 for Itanium-based Systems and SP2
Internet Explorer 7 for Windows XP SP2 and SP3
Internet Explorer 7 for Windows XP Professional x64 Edition and SP2
Internet Explorer 7 for Windows Server 2003 SP1 and SP2
Internet Explorer 7 for Windows Server 2003 x64 Edition and SP2
Internet Explorer 7 for Windows Server 2003 with SP1 for Itanium-based Systems and SP2
Internet Explorer 7 in Windows Vista and Internet Explorer 7 in Windows Vista SP1
Internet Explorer 7 in Windows Vista x64 Edition and SP1
Internet Explorer 7 in Windows Server 2008 for 32-bit Systems
Internet Explorer 7 in Windows Server 2008 for x64-based Systems
Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems

Aliases

References
http://www.microsoft.com/technet/security/Bulletin/ms08-031.mspx
http://www.securityfocus.com/bid/29556
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1442

Recommended Actions
Refer to the vendor's web site for the suggested workaround:
http://www.microsoft.com/technet/security/Bulletin/ms08-031.mspx

 
 

      © 2003 FORTINET INC. ALL RIGHTS RESERVED