CVE-2008-3475

Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka Uninitialized Memory Corruption Vulnerability.

Weakness

The product uses or accesses a resource that has not been initialized.

Affected Software

Name	Vendor	Start Version	End Version
Internet_explorer	Microsoft	5.01-sp4 (including)	5.01-sp4 (including)
Internet_explorer	Microsoft	6-sp1 (including)	6-sp1 (including)

Potential Mitigations

References

http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html
http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2
http://www.securityfocus.com/archive/1/497380/100/0/threaded
http://www.securityfocus.com/bid/31617
http://www.securitytracker.com/id?1021047
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
http://www.vupen.com/english/advisories/2008/2809
http://www.zerodayinitiative.com/advisories/ZDI-08-069/
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058
https://exchange.xforce.ibmcloud.com/vulnerabilities/45563
https://exchange.xforce.ibmcloud.com/vulnerabilities/45565
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-3475
CWE	https://cwe.mitre.org/data/definitions/908.html

Use of Uninitialized Resource

Weakness

Affected Software

Potential Mitigations

References