Lucene search

[email protected]NVD:CVE-2007-5344

HistoryDec 12, 2007 - 12:46 a.m.

CVE-2007-5344

2007-12-1200:46:00

CWE-94

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.822 High

EPSS

Percentile

98.4%

JSON

Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of “Uninitialized Memory Corruption Vulnerability.”

Affected configurations

NVD

Node

microsoftieMatch5.x

microsoftieMatch6.0sp1

microsoftieMatch6.0sp2

microsoftinternet_explorerMatch5

microsoftinternet_explorerMatch5.01

microsoftinternet_explorerMatch5.1

microsoftinternet_explorerMatch5.01sp1

microsoftinternet_explorerMatch5.01sp2

microsoftinternet_explorerMatch5.01sp3

microsoftinternet_explorerMatch5.01sp4

microsoftinternet_explorerMatch5.2.3

microsoftinternet_explorerMatch5.5

microsoftinternet_explorerMatch5.5preview

microsoftinternet_explorerMatch5.5sp1

microsoftinternet_explorerMatch5.5sp2

microsoftinternet_explorerMatch6

microsoftinternet_explorerMatch6sp1

microsoftinternet_explorerMatch6.0

microsoftinternet_explorerMatch6.0.2600

microsoftinternet_explorerMatch6.0.2800

microsoftinternet_explorerMatch6.0.2800.1106

microsoftinternet_explorerMatch6.0.2900

microsoftinternet_explorerMatch6.0.2900.2180

microsoftinternet_explorerMatch7

microsoftinternet_explorerMatch7.0

microsoftinternet_explorerMatch7.0beta

microsoftinternet_explorerMatch7.0beta1

microsoftinternet_explorerMatch7.0beta2

microsoftinternet_explorerMatch7.0beta3

microsoftinternet_explorerMatch7.0.5730.11

References

secunia.com/advisories/28036

securitytracker.com/id?1019078

www.securityfocus.com/archive/1/484890/100/100/threaded

www.securityfocus.com/archive/1/485268/100/0/threaded

www.securityfocus.com/bid/26817

www.us-cert.gov/cas/techalerts/TA07-345A.html

www.vupen.com/english/advisories/2007/4184

www.zerodayinitiative.com/advisories/ZDI-07-075.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069

exchange.xforce.ibmcloud.com/vulnerabilities/38715

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4480

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.822 High

EPSS

Percentile

98.4%

JSON

Related for NVD:CVE-2007-5344

nvd2 prion3 cvelist3 cve3 securityvulns6 openvas2 nessus1 checkpoint_advisories3 zdi3 seebug1