CVE-2007-5347

2007-12-1200:46:00

CWE-399

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

microsoft

internet explorer

dhtml

object

memory corruption

cve-2007-5347

security vulnerability

nvd

7.6 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.559 Medium

EPSS

Percentile

97.7%

JSON

Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via “unexpected method calls to HTML objects,” aka “DHTML Object Memory Corruption Vulnerability.”

CPENameOperatorVersion
microsoft:internet_explorermicrosoft internet explorereq5
microsoft:iemicrosoft ieeq6.0
microsoft:internet_explorermicrosoft internet explorereq6
microsoft:internet_explorermicrosoft internet explorereq5.01
microsoft:iemicrosoft ieeq5.x
microsoft:internet_explorermicrosoft internet explorereq7
microsoft:internet_explorermicrosoft internet explorereq5.5
microsoft:internet_explorermicrosoft internet explorereq5.1
microsoft:internet_explorermicrosoft internet explorereq5.2.3
microsoft:internet_explorermicrosoft internet explorereq6.0.2600

CPE	Name	Operator	Version
microsoft:internet_explorer	microsoft internet explorer	eq	5
microsoft:ie	microsoft ie	eq	6.0
microsoft:internet_explorer	microsoft internet explorer	eq	6
microsoft:internet_explorer	microsoft internet explorer	eq	5.01
microsoft:ie	microsoft ie	eq	5.x
microsoft:internet_explorer	microsoft internet explorer	eq	7
microsoft:internet_explorer	microsoft internet explorer	eq	5.5
microsoft:internet_explorer	microsoft internet explorer	eq	5.1
microsoft:internet_explorer	microsoft internet explorer	eq	5.2.3
microsoft:internet_explorer	microsoft internet explorer	eq	6.0.2600