CVE-2008-1085

Currently unrated

Key Information:

Vendor: Microsoft
Status: Ie; Internet Explorer
Vendor: CVE Published:; 8 April 2008

Summary

Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler.

References

http://www.us-cert.gov/cas/techalerts/TA08-099A.html

third-party-advisoryx_refsource_CERT

http://marc.info/?l=bugtraq&m=120845064910729&w=2

vendor-advisoryx_refsource_HP

http://www.vupen.com/english/advisories/2008/1148/references

vdb-entryx_refsource_VUPEN

EPSS Score

81% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 8, 2008
Vulnerability Reserved
Feb 28, 2008

Collectors

NVD DatabaseMitre Database