CVE-2008-5538

critical Microsoft
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
0.3%
Exploitation probability in 30 days
Top 47% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: December 12, 2008 (6362 days ago)
Last Modified: April 23, 2026
Vendor: Microsoft
Source: NVD

Description

Prevx Prevx1 2, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

CWE

CWE-20

Affected Products

prevx prevx1

References

🔗 securityreason.com 🔗 www.securityfocus.com 🔗 www.securityfocus.com 🔗 exchange.xforce.ibmcloud.com 🔗 securityreason.com