Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability."

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

• S9 – Sabotage of System/App

EPSS

Score: 0.5767
Percentile: 0.98043

CVSS Scoring

Mapped CWE(s)

• CWE-908 : Use of Uninitialized Resource

Affected Products

• cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
• cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
• cpe:2.3:a:microsoft:internet_explorer:6:-:*:*:*:*:*:*
• cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*

← Back to Home