CVE-2008-3475

Microsoft Internet Explorer 6 - componentFromPoint method

Microsoft | CVSS 8.8 | Updated April 30, 2026

Executive Risk Summary

"A vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted HTML document, specifically by exploiting the componentFromPoint method on xml objects that have been incorrectly initialized or deleted. This vulnerability can lead to unauthorized access and control of the affected system."

Anticipated Attack Path

  1. Initial Exploitation: Attacker crafts a malicious HTML document
  2. Privilege Escalation: Exploitation of the componentFromPoint method leads to arbitrary code execution
  3. Persistence and Lateral Movement: Attacker gains control of the system and potentially spreads to other systems

Am I Vulnerable?

  • Verify if Internet Explorer 6 is installed and in use
  • Check for the presence of the MS08-058 patch
  • Monitor system logs for suspicious activity related to Internet Explorer

Operational Audit Arsenal

Target Type: Process
Target Asset: iexplore.exe
Standard Path: C:\Program Files\Internet Explorer
PowerShell
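# Audit: locate iexplore.exe and report its product version
# Target: iexplore.exe (Process)
$Targets = 'iexplore.exe'
# Drop empty or missing locations first: ProgramFiles(x86) is unset on 32-bit Windows,
# and an empty -Path entry makes Get-ChildItem fail before it searches anything.
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}") |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# Search each location recursively and list every copy with its version
Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue |
    Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}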

Patch Impact Forecast

Reboot Required: Likely

Impact: Moderate. The patch may require a system restart and could potentially cause issues with certain web applications.

Internal Work Notes

Apply the MS08-058 patch to vulnerable Internet Explorer 6 installations to prevent arbitrary code execution and potential system compromise.

PowerShell audit one-liner:
Get-HotFix -Id 'KB956390' -ErrorAction SilentlyContinue

Intelligence Sources

Official Advisory: http://ifsec.blogspot.com/2008/10/internet-explorer-6-componentfrompoint.html
Official Advisory: http://marc.info/?l=bugtraq&m=122479227205998&w=2
Official Advisory: http://www.securityfocus.com/archive/1/497380/100/0/threaded
Official Advisory: http://www.securityfocus.com/bid/31617
Official Advisory: http://www.securitytracker.com/id?1021047
Official Advisory: http://www.us-cert.gov/cas/techalerts/TA08-288A.html
Official Advisory: http://www.vupen.com/english/advisories/2008/2809
Official Advisory: http://www.zerodayinitiative.com/advisories/ZDI-08-069/
MSRC Advisory: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-058
Official Advisory: https://exchange.xforce.ibmcloud.com/vulnerabilities/45563
Official Advisory: https://exchange.xforce.ibmcloud.com/vulnerabilities/45565
Official Advisory: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13151

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.