Test Kennung:	1.3.6.1.4.1.25623.1.0.900054
Kategorie:	Windows : Microsoft Bulletins
Titel:	Cumulative Security Update for Internet Explorer (956390)
Zusammenfassung:	This host is missing critical security update according to; Microsoft Bulletin MS08-058.
Beschreibung:	Summary: This host is missing critical security update according to Microsoft Bulletin MS08-058. Vulnerability Insight: Multiple flaws are due to: - the browser incorrectly interpreting the origin of scripts when setting the Window location object. - the browser incorrectly interpreting the origin of scripts when handling certain HTML elements. - the browser incorrectly interpreting the origin of scripts when handling certain events. - a memory corruption error when the browser attempts to access an object which has not been initialized or has been deleted. - a memory corruption error when the browser attempts to access uninitialized memory while processing certain HTML objects. Vulnerability Impact: Successful exploitation could allow attackers to execute arbitrary code via a malicious web page and can gain access to a browser window in another domain leading read cookies or cross domain scripting attacks. Affected Software/OS: Internet Explorer 5.01 & 6 on MS Windows 2000 Internet Explorer 6 on MS Windows 2003 and XP Internet Explorer 7 on MS Windows 2003 and XP Internet Explorer 7 on MS Windows 2008 and Vista Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2947 BugTraq ID: 29960 http://www.securityfocus.com/bid/29960 Cert/CC Advisory: TA08-288A http://www.us-cert.gov/cas/techalerts/TA08-288A.html CERT/CC vulnerability note: VU#923508 http://www.kb.cert.org/vuls/id/923508 HPdes Security Advisory: HPSBST02379 http://marc.info/?l=bugtraq&m=122479227205998&w=2 HPdes Security Advisory: SSRT080143 http://blogs.zdnet.com/security/?p=1348 http://www.ph4nt0m.org-a.googlepages.com/PSTZine_0x02_0x04.txt Microsoft Security Bulletin: MS08-058 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5901 http://www.securitytracker.com/id?1020382 http://secunia.com/advisories/30857 http://www.vupen.com/english/advisories/2008/1940/references http://www.vupen.com/english/advisories/2008/2809 XForce ISS Database: ie-location-locationhref-security-bypass(43366) https://exchange.xforce.ibmcloud.com/vulnerabilities/43366 XForce ISS Database: win-ms08kb956390-update(45565) https://exchange.xforce.ibmcloud.com/vulnerabilities/45565 Common Vulnerability Exposure (CVE) ID: CVE-2008-3472 BugTraq ID: 31615 http://www.securityfocus.com/bid/31615 BugTraq ID: 31654 http://www.securityfocus.com/bid/31654 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12364 http://www.securitytracker.com/id?1021047 XForce ISS Database: ie-element-security-bypass(45558) https://exchange.xforce.ibmcloud.com/vulnerabilities/45558 Common Vulnerability Exposure (CVE) ID: CVE-2008-3473 BugTraq ID: 31616 http://www.securityfocus.com/bid/31616 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13255 XForce ISS Database: ie-event-security-bypass(45562) https://exchange.xforce.ibmcloud.com/vulnerabilities/45562 Common Vulnerability Exposure (CVE) ID: CVE-2008-3474 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13299 XForce ISS Database: ie-script-origin-information-disclosure(45854) https://exchange.xforce.ibmcloud.com/vulnerabilities/45854 Common Vulnerability Exposure (CVE) ID: CVE-2008-3475 BugTraq ID: 31617 http://www.securityfocus.com/bid/31617 Bugtraq: 20081015 Internet Explorer 6 componentFromPoint() remote memory disclosure and remote code execution (Google Search) http://www.securityfocus.com/archive/1/497380/100/0/threaded http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html http://www.zerodayinitiative.com/advisories/ZDI-08-069/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151 XForce ISS Database: ie-uninitialized-objects-code-execution(45563) https://exchange.xforce.ibmcloud.com/vulnerabilities/45563 Common Vulnerability Exposure (CVE) ID: CVE-2008-3476 BugTraq ID: 31618 http://www.securityfocus.com/bid/31618 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13344 XForce ISS Database: ie-unit-memory-code-execution(45564) https://exchange.xforce.ibmcloud.com/vulnerabilities/45564
Copyright	Copyright (C) 2008 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.