// For flags

CVE-2007-3902

Microsoft Internet Explorer setExpression Code Execution Vulnerability

Severity Score

9.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."

Una vulnerabilidad de uso de memoria previamente liberada en la función CRecalcProperty en la biblioteca mshtml.dll en Microsoft Internet Explorer versiones 5.01 hasta 7, permite a atacantes remotos ejecutar código arbitrario mediante el llamado método setExpression y, a continuación, modificando la propiedad outerHTML de un elemento HTML, una variante de "Uninitialized Memory Corruption Vulnerability”.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
The specific flaw exists in the CRecalcProperty function in mshtml.dll. When rendering HTML after calling the setExpression methods, followed by a modification of the outerHTML property of a programatically created element. The vulnerable code dereferences a previously freed memory location which can be leveraged to execute arbitrary code.

*Credits: Anonymous
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-07-19 CVE Reserved
  • 2007-12-11 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-10-15 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-189: Numeric Errors
  • CWE-399: Resource Management Errors
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
5.x
Search vendor "Microsoft" for product "Ie" and version "5.x"
-
Affected
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
6.0
Search vendor "Microsoft" for product "Ie" and version "6.0"
sp1
Affected
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
6.0
Search vendor "Microsoft" for product "Ie" and version "6.0"
sp2
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
5
Search vendor "Microsoft" for product "Internet Explorer" and version "5"
-
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
5.01
Search vendor "Microsoft" for product "Internet Explorer" and version "5.01"
-
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
5.1
Search vendor "Microsoft" for product "Internet Explorer" and version "5.1"
-
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
5.01
Search vendor "Microsoft" for product "Internet Explorer" and version "5.01"
sp1
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
5.01
Search vendor "Microsoft" for product "Internet Explorer" and version "5.01"
sp2
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
5.01
Search vendor "Microsoft" for product "Internet Explorer" and version "5.01"
sp3
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
5.01
Search vendor "Microsoft" for product "Internet Explorer" and version "5.01"
sp4
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
5.2.3
Search vendor "Microsoft" for product "Internet Explorer" and version "5.2.3"
-
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
5.5
Search vendor "Microsoft" for product "Internet Explorer" and version "5.5"
-
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
5.5
Search vendor "Microsoft" for product "Internet Explorer" and version "5.5"
preview
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
5.5
Search vendor "Microsoft" for product "Internet Explorer" and version "5.5"
sp1
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
5.5
Search vendor "Microsoft" for product "Internet Explorer" and version "5.5"
sp2
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6
Search vendor "Microsoft" for product "Internet Explorer" and version "6"
-
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6
Search vendor "Microsoft" for product "Internet Explorer" and version "6"
sp1
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6.0
Search vendor "Microsoft" for product "Internet Explorer" and version "6.0"
-
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6.0.2600
Search vendor "Microsoft" for product "Internet Explorer" and version "6.0.2600"
-
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6.0.2800
Search vendor "Microsoft" for product "Internet Explorer" and version "6.0.2800"
-
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6.0.2800.1106
Search vendor "Microsoft" for product "Internet Explorer" and version "6.0.2800.1106"
-
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6.0.2900
Search vendor "Microsoft" for product "Internet Explorer" and version "6.0.2900"
-
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6.0.2900.2180
Search vendor "Microsoft" for product "Internet Explorer" and version "6.0.2900.2180"
-
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
7
Search vendor "Microsoft" for product "Internet Explorer" and version "7"
-
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
7.0
Search vendor "Microsoft" for product "Internet Explorer" and version "7.0"
-
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
7.0
Search vendor "Microsoft" for product "Internet Explorer" and version "7.0"
beta
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
7.0
Search vendor "Microsoft" for product "Internet Explorer" and version "7.0"
beta1
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
7.0
Search vendor "Microsoft" for product "Internet Explorer" and version "7.0"
beta2
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
7.0
Search vendor "Microsoft" for product "Internet Explorer" and version "7.0"
beta3
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
7.0.5730.11
Search vendor "Microsoft" for product "Internet Explorer" and version "7.0.5730.11"
-
Affected