Microsoft Internet Explorer setExpression远程代码漏洞

CVE ID:CVE-2007-3902 CNCVE ID:CNCVE-20073902 Microsoft Internet Explorer是一款流行的WEB浏览器。 Microsoft Internet Explorer处理CRecalcProperty函数存在内存破坏问题，远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 问题存在于mshtml.dll的CRecalcProperty函数中，当在调用setExpressio方法后渲染HTML，之后跟随编程化建立元素的outerHTML属性的修改，有问题代码会引用之前释放的内存地址而导致代码执行。 Microsoft...

ZDI-07-073: Microsoft Internet Explorer setExpression Vulnerability

ZDI-07-073: Microsoft Internet Explorer setExpression Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-073.html December 11, 2007 -- CVE ID: CVE-2007-3902 -- Affected Vendor: Microsoft -- Affected Products: Internet Explorer 5.01 SP4 Internet Explorer 6 Internet...

Microsoft Internet Explorer setExpression Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the CRecalcProperty function in...