CVE-2007-0944

Microsoft Internet Explorer Table Column Deletion Memory Corruption Vulnerability

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability."

Vulnerabilidad no especificada en el método CTableCol::OnPropertyChange de Microsoft Internet Explorer 5.01 SP4 en Windows 2000 SP4; 6 SP1 en Windows 2000 SP4; y 6 en Windows XP SP2, o Windows Server 2003 SP1 o SP2 permite a atacantes remotos ejecutar código de su elección llamando a deleteCell en una fila de tabla con nombre, y después accediendo a la columna, lo cual provoca que Internet Explorer acceda a objetos previamente borrados, también conocida como "Vulnerabilidad de Corrupción de Memoria No Inicializada".

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
The specific flaw exists in the CTableCol::OnPropertyChange() method. When a named table row in HTML contains a named table column, then calls the deleteCell() JavaScript method, any property of the table column, existing or not, accessed after the deletion takes place will trigger an exploitable memory corruption.

*Credits: Anonymous

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-02-14 CVE Reserved
2007-05-08 CVE Published
2024-08-07 CVE Updated
2024-11-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (12)

URL	Tag	Source
http://secunia.com/advisories/23769	Third Party Advisory
http://www.osvdb.org/34400	Vdb Entry
http://www.securityfocus.com/archive/1/467989/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/23771	Vdb Entry
http://www.securitytracker.com/id?1018019	Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA07-128A.html	Third Party Advisory
http://www.vupen.com/english/advisories/2007/1712	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/33253	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1722	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.securityfocus.com/archive/1/468871/100/200/threaded	2021-07-23
http://www.zerodayinitiative.com/advisories/ZDI-07-027.html	2021-07-23
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027	2021-07-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	5.01 Search vendor "Microsoft" for product "Internet Explorer" and version "5.01"	sp4	Affected	in	Microsoft Search vendor "Microsoft"	Windows 2000 Search vendor "Microsoft" for product "Windows 2000"	*	sp4	Safe
Microsoft Search vendor "Microsoft"	Ie Search vendor "Microsoft" for product "Ie"	6.0 Search vendor "Microsoft" for product "Ie" and version "6.0"	sp1	Affected	in	Microsoft Search vendor "Microsoft"	Windows 2000 Search vendor "Microsoft" for product "Windows 2000"	*	sp4	Safe
Microsoft Search vendor "Microsoft"	Ie Search vendor "Microsoft" for product "Ie"	6.0 Search vendor "Microsoft" for product "Ie" and version "6.0"	sp1	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	sp2	Safe
Microsoft Search vendor "Microsoft"	Ie Search vendor "Microsoft" for product "Ie"	6.0 Search vendor "Microsoft" for product "Ie" and version "6.0"	sp1	Affected	in	Microsoft Search vendor "Microsoft"	Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server"	sp2 Search vendor "Microsoft" for product "Windows 2003 Server" and version "sp2"	-	Safe
Microsoft Search vendor "Microsoft"	Ie Search vendor "Microsoft" for product "Ie"	6.0 Search vendor "Microsoft" for product "Ie" and version "6.0"	sp1	Affected	in	Microsoft Search vendor "Microsoft"	Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server"	sp1 Search vendor "Microsoft" for product "Windows 2003 Server" and version "sp1"	-	Safe