Microsoft Internet Explorer setExpression远程代码漏洞

CVE ID:CVE-2007-3902 CNCVE ID:CNCVE-20073902 Microsoft Internet Explorer是一款流行的WEB浏览器。 Microsoft Internet Explorer处理CRecalcProperty函数存在内存破坏问题，远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 问题存在于mshtml.dll的CRecalcProperty函数中，当在调用setExpressio方法后渲染HTML，之后跟随编程化建立元素的outerHTML属性的修改，有问题代码会引用之前释放的内存地址而导致代码执行。 Microsoft...

iDefense Security Advisory 12.11.07: Microsoft Internet Explorer JavaScript setExpression Heap Corruption Vulnerability

iDefense Security Advisory 12.11.07 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 11, 2007 I. BACKGROUND Internet Explorer is a graphical web browser developed by Microsoft Corp. and included as part of Microsoft Windows since 1995. The setExpression method is commonly used to assign...