CVE-2008-4844
CVE-2008-4844
Vexday Risk Score
72Prioridad alta
Decisión SSVC (CISA)
Act
Explotación + impacto → acción inmediata
Madurez del exploit
Exploit funcional
Exploit automatizable disponible (Nuclei/Metasploit).
CVSS —EPSS 66.5%KEV nãoPoC públicaNuclei —Metasploit simPatch referenciado
Ciclo de vida
07 dic 2008Exploit Metasploit disponible
11 dic 2008Publicada en NVD
20 sep 2010PoC pública
Velocidad de armamento
647 díashasta el primer PoC
Recomendación: Corregir cuanto antes — hay explotación activa confirmada.
Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
Productos afectados
n/a · n/aPoCs públicas encontradas — 5
cve_referencewww.exploit-db.com/exploits/7477no verificadocve_referencewww.exploit-db.com/exploits/7583no verificadocve_referencewww.exploit-db.com/exploits/7410no verificadoexploitdbwww.exploit-db.com/exploits/16583no verificadocve_referencewww.exploit-db.com/exploits/7403no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
Referencias
http://blogs.msdn.com/sdl/archive/2008/12/18/ms08-078-and-the-sdl.aspxhttp://code.google.com/p/inception-h2hc/http://isc.sans.org/diary.html?storyid=5458http://marc.info/?l=bugtraq&m=123015308222620&w=2https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-078http://secunia.com/advisories/33089https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6007https://www.exploit-db.com/exploits/7403https://www.exploit-db.com/exploits/7410https://www.exploit-db.com/exploits/7477https://www.exploit-db.com/exploits/7583http://www.avertlabs.com/research/blog/index.php/2008/12/09/yet-another-unpatched-drive-by-exploit-found-on-the-web/