High severity8.8NVD Advisory· Published Oct 15, 2008· Updated Jun 16, 2026
CVE-2008-3475
CVE-2008-3475
Description
Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6:-:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
- (no CPE)range: 6
Patches
Vulnerability mechanics
References
12- www.securityfocus.com/bid/31617nvdBroken LinkPatchThird Party AdvisoryVDB Entry
- docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058nvdPatchVendor Advisory
- ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.htmlnvdIssue TrackingThird Party Advisory
- www.securityfocus.com/archive/1/497380/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
- www.us-cert.gov/cas/techalerts/TA08-288A.htmlnvdBroken LinkThird Party AdvisoryUS Government Resource
- www.zerodayinitiative.com/advisories/ZDI-08-069/nvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/45563nvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/45565nvdThird Party AdvisoryVDB Entry
- marc.infonvdMailing List
- www.vupen.com/english/advisories/2008/2809nvdBroken Link
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151nvdBroken Link
News mentions
0No linked articles in our index yet.