>> Microsoft Internet Explorer Command Execution Vulnerabilities (MS08-010)
Title : Microsoft Internet Explorer Command Execution Vulnerabilities (MS08-010) VUPEN ID : VUPEN/ADV-2008-0512 CVE ID : CVE-2007-4790 - CVE-2008-0076 - CVE-2008-0077 - CVE-2008-0078
Rated as : Critical
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2008-02-12
Technical Description
Multiple vulnerabilities have been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system.
The first issue is caused by a memory corruption error when processing specially crafted Web pages with certain HTML layout combinations, which could be exploited by attackers to crash an affected browser or execute arbitrary code via a malicious web page.
The second vulnerability is caused by a memory corruption error when calling the property method, which could be exploited by remote attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page.
The third issue is caused by a memory corruption error in the "dxtmsft.dll" ActiveX control when handling certain images, which could be exploited by attackers to crash an affected browser or execute arbitrary code via a malicious web page.
The fourth vulnerability is caused by memory corruption errors when using the "Foxtlib.ocx" and "Fpole.ocx" ActiveX controls, which could be exploited by remote attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page.
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
