High severity8.8NVD Advisory· Published Oct 15, 2008· Updated Apr 23, 2026
CVE-2008-3475
CVE-2008-3475
Description
Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability."
Affected products
4cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6:-:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- www.securityfocus.com/bid/31617nvdBroken LinkPatchThird Party AdvisoryVDB Entry
- docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058nvdPatchVendor Advisory
- ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.htmlnvdIssue TrackingThird Party Advisory
- www.securityfocus.com/archive/1/497380/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
- www.us-cert.gov/cas/techalerts/TA08-288A.htmlnvdBroken LinkThird Party AdvisoryUS Government Resource
- www.zerodayinitiative.com/advisories/ZDI-08-069/nvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/45563nvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/45565nvdThird Party AdvisoryVDB Entry
- marc.infonvdMailing List
- www.vupen.com/english/advisories/2008/2809nvdBroken Link
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151nvdBroken Link
News mentions
0No linked articles in our index yet.