CVE-2007-3902
Microsoft Internet Explorer setExpression Code Execution Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
The specific flaw exists in the CRecalcProperty function in mshtml.dll. When rendering HTML after calling the setExpression methods, followed by a modification of the outerHTML property of a programmatically created element, the vulnerable code dereferences a previously freed memory location, which can be leveraged to execute arbitrary code.
SSVC
- Decision: -
Timeline
- 2007-07-19 CVE Reserved
- 2007-12-11 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
- CWE-399: Resource Management Errors
References (12)
URL | Tag | Source |
---|---|---|
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631 | Third Party Advisory | |
http://securitytracker.com/id?1019078 | Vdb Entry | |
http://www.securityfocus.com/archive/1/484887/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/26506 | Vdb Entry | |
http://www.us-cert.gov/cas/techalerts/TA07-345A.html | Third Party Advisory | |
http://www.zerodayinitiative.com/advisories/ZDI-07-073.html | X_refsource_misc | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/38713 | Vdb Entry | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4582 | Signature |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/28036 | 2021-07-23 | |
http://www.securityfocus.com/archive/1/485268/100/0/threaded | 2021-07-23 | |
http://www.vupen.com/english/advisories/2007/4184 | 2021-07-23 | |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069 | 2021-07-23 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Microsoft | Ie | 5.x | - | Affected |
Microsoft | Ie | 6.0 | sp1 | Affected |
Microsoft | Ie | 6.0 | sp2 | Affected |
Microsoft | Internet Explorer | 5 | - | Affected |
Microsoft | Internet Explorer | 5.01 | - | Affected |
Microsoft | Internet Explorer | 5.1 | - | Affected |
Microsoft | Internet Explorer | 5.01 | sp1 | Affected |
Microsoft | Internet Explorer | 5.01 | sp2 | Affected |
Microsoft | Internet Explorer | 5.01 | sp3 | Affected |
Microsoft | Internet Explorer | 5.01 | sp4 | Affected |
Microsoft | Internet Explorer | 5.2.3 | - | Affected |
Microsoft | Internet Explorer | 5.5 | - | Affected |
Microsoft | Internet Explorer | 5.5 | preview | Affected |
Microsoft | Internet Explorer | 5.5 | sp1 | Affected |
Microsoft | Internet Explorer | 5.5 | sp2 | Affected |
Microsoft | Internet Explorer | 6 | - | Affected |
Microsoft | Internet Explorer | 6 | sp1 | Affected |
Microsoft | Internet Explorer | 6.0 | - | Affected |
Microsoft | Internet Explorer | 6.0.2600 | - | Affected |
Microsoft | Internet Explorer | 6.0.2800 | - | Affected |
Microsoft | Internet Explorer | 6.0.2800.1106 | - | Affected |
Microsoft | Internet Explorer | 6.0.2900 | - | Affected |
Microsoft | Internet Explorer | 6.0.2900.2180 | - | Affected |
Microsoft | Internet Explorer | 7 | - | Affected |
Microsoft | Internet Explorer | 7.0 | - | Affected |
Microsoft | Internet Explorer | 7.0 | beta | Affected |
Microsoft | Internet Explorer | 7.0 | beta1 | Affected |
Microsoft | Internet Explorer | 7.0 | beta2 | Affected |
Microsoft | Internet Explorer | 7.0 | beta3 | Affected |
Microsoft | Internet Explorer | 7.0.5730.11 | - | Affected |