Race condition

🗓️ 06 Jun 2007 21:30:00Reported by PRIOn knowledge baseType

Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability.

Reporter	Title	Published	Views	Family All 11
Check Point Advisories	Internet Explorer Cross Domain Document Switching (MS09-019; CVE-2007-3091)	9 Jun 200900:00	–	checkpoint_advisories
Check Point Advisories	Internet Explorer Cross Domain Document Switching (MS09-019) - Ver2 (CVE-2007-3091)	16 Apr 201400:00	–	checkpoint_advisories
CVE	CVE-2007-3091	6 Jun 200721:00	–	cve
Cvelist	CVE-2007-3091	6 Jun 200721:00	–	cvelist
NVD	CVE-2007-3091	6 Jun 200721:30	–	nvd
OpenVAS	Cumulative Security Update for Internet Explorer (969897)	10 Jun 200900:00	–	openvas
OpenVAS	Ubuntu USN-785-1 (ipsec-tools)	15 Jun 200900:00	–	openvas
OpenVAS	Cumulative Security Update for Internet Explorer (969897)	10 Jun 200900:00	–	openvas
Positive Technologies	PT-2007-4382 · Microsoft · Internet Explorer	6 Jun 200700:00	–	ptsecurity
securityvulns	Microsoft Internet Explorer multiple security vulnerabilities	11 Jun 200900:00	–	securityvulns

Source	Link
archives	www.archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html
lcamtuf	www.lcamtuf.coredump.cx/ierace/
kb	www.kb.cert.org/vuls/id/471361
securityfocus	www.securityfocus.com/bid/24283
securitytracker	www.securitytracker.com/id
secunia	www.secunia.com/advisories/25564
securityreason	www.securityreason.com/securityalert/2781
osvdb	www.osvdb.org/54944
vupen	www.vupen.com/english/advisories/2009/1538
us-cert	www.us-cert.gov/cas/techalerts/TA09-160A.html

07 Dec 2023 18:38Current

7.7High risk

Vulners AI Score7.7

EPSS0.18712