Published: 11/12/2008 Updated: 12/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 945

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote malicious users to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft internet_explorer 6
microsoft internet_explorer 5.01
microsoft internet_explorer 7

<html> <script> // k`sOSe 12/10/2008 // Tested on Vista SP1, Explorer 70600118000 and Vista SP0, Explorer 70600016386 // Heap spray address adjusted for Vista - muts / offensive-securitycom // secmaniacblogspotcom/2008/12/ms-internet-explorer-xml-parsing-remotehtml // wwwoffensive-securitycom/0day/iesplo ...

// k`sOSe 12/10/2008 - tested on winxp sp3, explorer 70573013 // windows/exec - 141 bytes // wwwmetasploitcom // EXITFUNC=seh, CMD=C:\WINDOWS\system32\calcexe githubcom/offensive-security ...

## # $Id: ms08_078_xml_corruptionrb 10394 2010-09-20 08:06:27Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core ...

Python library for ReversingLabs services - Python 3 version.

ReversingLabsSDK A Python SDK for ReversingLabs REST services (TitaniumCloud and appliances) - Python 3 version The idea behind this SDK is to enable easier out-of-the-box development of software integrations and automation services that need to interact with ReversingLabs The SDK consists of several modules, where each module represents either one ReversingLabs service, Reve

CWE-399 http://secunia.com/advisories/33089 http://www.securityfocus.com/bid/32721 http://www.microsoft.com/technet/security/advisory/961051.mspx http://www.breakingpointsystems.com/community/blog/patch-tuesdays-and-drive-by-sundays http://www.kb.cert.org/vuls/id/493881 http://www.avertlabs.com/research/blog/index.php/2008/12/09/yet-another-unpatched-drive-by-exploit-found-on-the-web/http://www.scanw.com/blog/archives/303 http://isc.sans.org/diary.html?storyid=5458 http://blogs.msdn.com/sdl/archive/2008/12/18/ms08-078-and-the-sdl.aspx http://www.us-cert.gov/cas/techalerts/TA08-344A.html http://www.us-cert.gov/cas/techalerts/TA08-352A.html http://www.securitytracker.com/id?1021381 http://marc.info/?l=bugtraq&m=123015308222620&w=2 http://www.vupen.com/english/advisories/2008/3391 http://code.google.com/p/inception-h2hc/https://www.exploit-db.com/exploits/7583 https://www.exploit-db.com/exploits/7477 https://www.exploit-db.com/exploits/7410 https://www.exploit-db.com/exploits/7403 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6007 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-078 https://nvd.nist.gov https://github.com/reversinglabs/reversinglabs-sdk-py3 https://www.exploit-db.com/exploits/7410/https://www.kb.cert.org/vuls/id/493881

CVE-2008-4844

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect