{"uuid": "26e2a6b8-33aa-4a7f-a64d-f5ce2e17cf44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2008-4844", "type": "seen", "source": "https://t.me/arpsyndicate/1639", "content": "#ExploitObserverAlert\n\nCVE-2008-4844\n\nDESCRIPTION: Exploit Observer has 22 entries related to CVE-2008-4844. Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.\n\nFIRST-EPSS: 0.972770000\nNVD-IS: 10.0\nNVD-ES: 8.6", "creation_timestamp": "2023-12-10T14:49:53.000000Z"}