CVE		CVE-2008-3475
Статус		Candidate
Описание		Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability."
Важность		High
CVSS score		9,3
CVSS vector		(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Phase		Assigned (26.01.2012)
NVD:		http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3475
References		BID : 31617
		BUGTRAQ : 20081015 Internet Explorer 6 componentFromPoint() remote memory disclosure and remote code execution
		CERT : TA08-288A
		HP : HPSBST02379
		HP : SSRT080143
		MISC : http://ifsec.blogspot.com/2008/10/internet-explore...
		MISC : http://www.zerodayinitiative.com/advisories/ZDI-08...
		MS : MS08-058
		SECTRACK : 1021047
		VUPEN : ADV-2008-2809
		XF : ie-uninitialized-objects-code-execution(45563)
		XF : win-ms08kb956390-update(45565)
SecurityVulns:		Многочисленные уязвимости безопасности в Microsoft Internet Explorer