<< Back
CVE Number Vulnerability Product Severity Date
MS08-078 Security Update for Internet Explorer (960714) Microsoft Internet High 18-12-2008

Technical Information

Brief overview of the risk:
A remote code execution vulnerability exists as an invalid pointer reference in the data binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object’s memory space. This can cause Internet Explorer to exit expectedly, in a state that is exploitable.
Detailed Information on the risk:
This security update resolves a publicly disclosed vulnerability. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Further information on this exploit is available at : MS08-078

Affected Software

Microsoft Internet Explorer 5.01 Service Pack 4
Microsoft Internet Explorer 6
Microsoft Internet Explorer 6 Service Pack 1
Windows Internet Explorer 7