CVE-2007-3903

Microsoft Internet Explorer Node Manipulation Memory Corruption Vulnerability

Severity Score

6.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability."

Microsoft Internet Explorer versiones 6 y 7, permite a los atacantes remotos ejecutar código arbitrario por medio de objetos no inicializados o eliminados usados en llamadas repetidas a la función de JavaScript (1) cloneNode o (2) nodeValue, un problema diferente de CVE-2007-3902 y CVE-2007-5344, una variante de "Uninitialized Memory Corruption Vulnerability".

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
The flaw exists due to improper use of the "cloneNode" and "nodeValue" javascript functions. When a specially crafted element is used during a repetitive call to one of these functions memory corruption can occur leading to remote code execution.

*Credits: Sam Thomas

CVSS Scores

NISTv2 6.8

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-07-19 CVE Reserved
2007-12-11 CVE Published
2024-08-07 CVE Updated
2024-09-07 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-399: Resource Management Errors

CAPEC

References (11)

URL	Tag	Source
http://securitytracker.com/id?1019078	Vdb Entry
http://www.securityfocus.com/archive/1/484888/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/26816	Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA07-345A.html	Third Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-07-074.html	X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/38714	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4553	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/28036	2021-07-23
http://www.securityfocus.com/archive/1/485268/100/0/threaded	2021-07-23
http://www.vupen.com/english/advisories/2007/4184	2021-07-23
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069	2021-07-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		Ie Search vendor "Microsoft" for product "Ie"				6.0 Search vendor "Microsoft" for product "Ie" and version "6.0"		sp1		Affected
Microsoft Search vendor "Microsoft"		Ie Search vendor "Microsoft" for product "Ie"				6.0 Search vendor "Microsoft" for product "Ie" and version "6.0"		sp2		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				6 Search vendor "Microsoft" for product "Internet Explorer" and version "6"		-		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				6 Search vendor "Microsoft" for product "Internet Explorer" and version "6"		sp1		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				6.0 Search vendor "Microsoft" for product "Internet Explorer" and version "6.0"		-		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				6.0.2600 Search vendor "Microsoft" for product "Internet Explorer" and version "6.0.2600"		-		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				6.0.2800 Search vendor "Microsoft" for product "Internet Explorer" and version "6.0.2800"		-		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				6.0.2800.1106 Search vendor "Microsoft" for product "Internet Explorer" and version "6.0.2800.1106"		-		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				6.0.2900 Search vendor "Microsoft" for product "Internet Explorer" and version "6.0.2900"		-		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				6.0.2900.2180 Search vendor "Microsoft" for product "Internet Explorer" and version "6.0.2900.2180"		-		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"		-		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				7.0 Search vendor "Microsoft" for product "Internet Explorer" and version "7.0"		-		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				7.0 Search vendor "Microsoft" for product "Internet Explorer" and version "7.0"		beta		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				7.0 Search vendor "Microsoft" for product "Internet Explorer" and version "7.0"		beta1		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				7.0 Search vendor "Microsoft" for product "Internet Explorer" and version "7.0"		beta2		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				7.0 Search vendor "Microsoft" for product "Internet Explorer" and version "7.0"		beta3		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				7.0.5730.11 Search vendor "Microsoft" for product "Internet Explorer" and version "7.0.5730.11"		-		Affected