• 공개일 : 2008-12-12
• 변경일 : 2012-01-10

• 위험도: 9.3
• 액세스 벡터 : NETWORK
• 액세스 복잡성 : 보통
• 인증 : 없음
• 기밀성 영향 : 전체
• 무결성 영향 : 전체
• 가용성 영향 : 전체
• 출처 : http://nvd.nist.gov
• 공개일 : 2008-12-12

Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.

• CERT, TA08-352A
• CERT, TA08-344A
• CERT-VN, VU#493881
• MS, MS08-078
• SECUNIA, 33089
• VUPEN, ADV-2008-3391
• SECTRACK, 1021381
• BID, 32721
• MISC, http://www.scanw.com/blog/archives/303
• MILW0RM, 7583
• MILW0RM, 7477
• MILW0RM, 7410
• MILW0RM, 7403
• CONFIRM, http://www.microsoft.com/technet/security/advisory/961051.mspx
• MISC, http://www.breakingpointsystems.com/community/blog/patch-tuesdays-and-dr..
• MISC, http://www.avertlabs.com/research/blog/index.php/2008/12/09/yet-another-..
• HP, SSRT080187
• HP, SSRT080187
• MISC, http://isc.sans.org/diary.html?storyid=5458
• MISC, http://code.google.com/p/inception-h2hc/
• MISC, http://blogs.msdn.com/sdl/archive/2008/12/18/ms08-078-and-the-sdl.aspx

• microsoft internet_explorer 6
• microsoft internet_explorer 6
• microsoft internet_explorer 7
• microsoft internet_explorer 5.01