CVE-2008-3475

high

Microsoft

CVSS v3 Base Score

8.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

59.2%

Exploitation probability in 30 days

Top 2% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Confidentiality

High

Integrity

High

Availability

High

Published: October 15, 2008 (6420 days ago)

Last Modified: April 23, 2026

Vendor: Microsoft

Source: NVD

Description

Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability."

CWE

CWE-908

Affected Products

microsoft internet explorer

References

🔗 ifsec.blogspot.com 🔗 marc.info 🔗 www.securityfocus.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com

CVE-2008-3475

Vulnerability Report

Description

CWE

Affected Products

References