Name:
MS.IE.XML.Data.Binding.Memory.Corruption
Released Date:
Dec 12 2008
Severity:
critical
CVE:
2008-4844
MS Bulletin:
ms08-078
Bugtraq:
32721

FortiGuard Center > Vulnerability Encyclopedia


In-Depth Analysis

Description
This indicates an attack attempt to exploit a vulnerability in Microsoft Internet Explorer.

The vulnerability is due to the way Microsoft IE handles HTML files that contain specially crafted XML data. A remote attacker may exploit this to execute arbitrary code.
 
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
 
Affected Products
Microsoft IE 5.01
Microsoft IE 6 SP1
Microsoft IE 6
Microsoft IE 7
Aliases
References
http://www.microsoft.com/technet/security/Bulletin/ms08-078.mspx
http://www.securityfocus.com/bid/32721
http://www.frsirt.com/english/advisories/2008/3391
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-4844
http://milw0rm.com/exploits/7403
http://milw0rm.com/exploits/7477
http://milw0rm.com/exploits/7410
http://www.microsoft.com/technet/security/advisory/961051.mspx
http://huaidan.org/archives/2577.html
Recommended Actions
Apply the patch, available from the vendor's website:
http://www.microsoft.com/technet/security/Bulletin/MS08-078.mspx

 
 
SITE MAP  |  LEGAL NOTICES

      © 2003 FORTINET INC. ALL RIGHTS RESERVED