CVE-2007-3902
7.3 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.55 Medium
EPSS
Percentile
97.6%
Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of βUninitialized Memory Corruption Vulnerability.β
References
labs.idefense.com/intelligence/vulnerabilities/display.php?id=631
secunia.com/advisories/28036
securitytracker.com/id?1019078
www.securityfocus.com/archive/1/484887/100/0/threaded
www.securityfocus.com/archive/1/485268/100/0/threaded
www.securityfocus.com/bid/26506
www.us-cert.gov/cas/techalerts/TA07-345A.html
www.vupen.com/english/advisories/2007/4184
www.zerodayinitiative.com/advisories/ZDI-07-073.html
docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069
exchange.xforce.ibmcloud.com/vulnerabilities/38713
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4582
Related
7.3 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.55 Medium
EPSS
Percentile
97.6%