CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.8%
Added: 12/12/2008
CVE: CVE-2008-4844
BID: 32721
OSVDB: 50622
Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.
A data binding error allows command execution when a user loads specially crafted XML code containing nested SPAN tags, resulting in accessing of memory space of a deleted object.
Apply one of the workarounds suggested in Microsoft Security Advisory 961051.
<http://www.kb.cert.org/vuls/id/493881>
Exploit works on Internet Explorer 7 and requires a user to load the exploit page.
The reliability of this exploit may depend upon the system’s memory state.
Windows