Lucene search

[email protected]NVD:CVE-2007-3902

HistoryDec 12, 2007 - 12:46 a.m.

CVE-2007-3902

2007-12-1200:46:00

CWE-399

CWE-189

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.66 Medium

EPSS

Percentile

97.9%

JSON

Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of “Uninitialized Memory Corruption Vulnerability.”

Affected configurations

NVD

Node

microsoftieMatch5.x

microsoftieMatch6.0sp1

microsoftieMatch6.0sp2

microsoftinternet_explorerMatch5

microsoftinternet_explorerMatch5.01

microsoftinternet_explorerMatch5.1

microsoftinternet_explorerMatch5.01sp1

microsoftinternet_explorerMatch5.01sp2

microsoftinternet_explorerMatch5.01sp3

microsoftinternet_explorerMatch5.01sp4

microsoftinternet_explorerMatch5.2.3

microsoftinternet_explorerMatch5.5

microsoftinternet_explorerMatch5.5preview

microsoftinternet_explorerMatch5.5sp1

microsoftinternet_explorerMatch5.5sp2

microsoftinternet_explorerMatch6

microsoftinternet_explorerMatch6sp1

microsoftinternet_explorerMatch6.0

microsoftinternet_explorerMatch6.0.2600

microsoftinternet_explorerMatch6.0.2800

microsoftinternet_explorerMatch6.0.2800.1106

microsoftinternet_explorerMatch6.0.2900

microsoftinternet_explorerMatch6.0.2900.2180

microsoftinternet_explorerMatch7

microsoftinternet_explorerMatch7.0

microsoftinternet_explorerMatch7.0beta

microsoftinternet_explorerMatch7.0beta1

microsoftinternet_explorerMatch7.0beta2

microsoftinternet_explorerMatch7.0beta3

microsoftinternet_explorerMatch7.0.5730.11

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=631

secunia.com/advisories/28036

securitytracker.com/id?1019078

www.securityfocus.com/archive/1/484887/100/0/threaded

www.securityfocus.com/archive/1/485268/100/0/threaded

www.securityfocus.com/bid/26506

www.us-cert.gov/cas/techalerts/TA07-345A.html

www.vupen.com/english/advisories/2007/4184

www.zerodayinitiative.com/advisories/ZDI-07-073.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069

exchange.xforce.ibmcloud.com/vulnerabilities/38713

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4582

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.66 Medium

EPSS

Percentile

97.9%

JSON

Related for NVD:CVE-2007-3902

checkpoint_advisories1 securityvulns4 cvelist3 zdi1 seebug1 cve3 prion3 nvd2 openvas2 nessus1