National Cyber-Alert System

Vulnerability Summary for CVE-2008-4844

Overview

Use-after-free vulnerability in mshtml.dll in Microsoft Internet Explorer 5.01, 6, and 7 on Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a crafted XML document containing nested SPAN elements, as exploited in the wild in December 2008.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA08-352A

Name: TA08-352A

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA08-352A.html

US-CERT Technical Alert: TA08-344A

Name: TA08-344A

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA08-344A.html

US-CERT Vulnerability Note: VU#493881

Name: VU#493881

Hyperlink:http://www.kb.cert.org/vuls/id/493881

External Source: MS

Name: MS08-078

Type: Advisory; Patch Information

Hyperlink:http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx

External Source: SECUNIA

Name: 33089

Type: Advisory; Patch Information

Hyperlink:http://secunia.com/advisories/33089

External Source: SECTRACK

Name: 1021381

Hyperlink:http://www.securitytracker.com/id?1021381

External Source: BID

Name: 32721

Hyperlink:http://www.securityfocus.com/bid/32721

External Source: MISC

Name: http://www.scanw.com/blog/archives/303

Hyperlink:http://www.scanw.com/blog/archives/303

External Source: MILW0RM

Name: 7583

Hyperlink:http://www.milw0rm.com/exploits/7583

External Source: MILW0RM

Name: 7477

Hyperlink:http://www.milw0rm.com/exploits/7477

External Source: MILW0RM

Name: 7410

Hyperlink:http://www.milw0rm.com/exploits/7410

External Source: MILW0RM

Name: 7403

Hyperlink:http://www.milw0rm.com/exploits/7403

External Source: CONFIRM

Name: http://www.microsoft.com/technet/security/advisory/961051.mspx

Type: Advisory

Hyperlink:http://www.microsoft.com/technet/security/advisory/961051.mspx

External Source: VUPEN

Name: ADV-2008-3391

Type: Advisory

Hyperlink:http://www.frsirt.com/english/advisories/2008/3391

External Source: MISC

Name: http://www.breakingpointsystems.com/community/blog/patch-tuesdays-and-drive-by-sundays

Hyperlink:http://www.breakingpointsystems.com/community/blog/patch-tuesdays-and-drive-by-sundays

External Source: MISC

Name: http://www.avertlabs.com/research/blog/index.php/2008/12/09/yet-another-unpatched-drive-by-exploit-found-on-the-web/

Hyperlink:http://www.avertlabs.com/research/blog/index.php/2008/12/09/yet-another-unpatched-drive-by-exploit-found-on-the-web/

External Source: OVAL

Name: oval:org.mitre.oval:def:6007

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6007

External Source: HP

Name: SSRT080187

Hyperlink:http://marc.info/?l=bugtraq&m=123015308222620&w=2

External Source: HP

Name: SSRT080187

Hyperlink:http://marc.info/?l=bugtraq&m=123015308222620&w=2

External Source: MISC

Name: http://isc.sans.org/diary.html?storyid=5458

Hyperlink:http://isc.sans.org/diary.html?storyid=5458

External Source: MISC

Name: http://blogs.msdn.com/sdl/archive/2008/12/18/ms08-078-and-the-sdl.aspx

Hyperlink:http://blogs.msdn.com/sdl/archive/2008/12/18/ms08-078-and-the-sdl.aspx