Use-after-free Vulnerability in Microsoft Internet Explorer Versions
CVE-2008-1085

Currently unrated

Key Information:

Vendor: Microsoft
Status: Ie; Internet Explorer
Vendor: CVE Published:; 8 April 2008

Summary

A use-after-free vulnerability in Microsoft Internet Explorer versions 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code. This exploitation occurs through a specially crafted data stream that triggers memory corruption, particularly when an invalid MIME-type is used that lacks a registered handler. Successful exploitation of this flaw can have severe consequences, as it enables attackers to manipulate system memory, potentially leading to system compromise.

References

http://www.us-cert.gov/cas/techalerts/TA08-099A.html

third-party-advisoryx_refsource_CERT

http://marc.info/?l=bugtraq&m=120845064910729&w=2

vendor-advisoryx_refsource_HP

http://www.vupen.com/english/advisories/2008/1148/references

vdb-entryx_refsource_VUPEN

EPSS Score

50% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 8, 2008
Vulnerability Reserved
Feb 28, 2008