CVE-2007-5344
Microsoft Internet Explorer Element Tags Vulnerability
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability."
Microsoft Internet Explorer versiones 5.01 hasta 7, permite a los atacantes remotos ejecutar código arbitrario por medio de un sitio web diseñado usando Javascript que crea, modifica, elimina y accede a objetos de documento utilizando la propiedad tags, que desencadena una corrupción de pila, relacionada con objetos no inicializados o eliminados, un problema diferente de CVE-2007-3902 y CVE-2007-3903, y una variante de "Uninitialized Memory Corruption Vulnerability".
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
The specific flaw exists in the handling of document objects that have been created, modified, deleted then accessed by JavaScript. By storing references to document nodes, then removing them by a separate reference, the document model in memory becomes unstable. Accessing the tags property while the document is in this unstable condition results in a heap corruption, allowing the execution of arbitrary code.
*Credits:
Peter Vreugdenhil
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-10-10 CVE Reserved
- 2007-12-11 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1019078 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/484890/100/100/threaded | Mailing List | |
| http://www.securityfocus.com/bid/26817 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA07-345A.html | Third Party Advisory | |
| http://www.zerodayinitiative.com/advisories/ZDI-07-075.html | X_refsource_misc |
|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/38715 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4480 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/28036 | 2021-07-23 | |
| http://www.securityfocus.com/archive/1/485268/100/0/threaded | 2021-07-23 | |
| http://www.vupen.com/english/advisories/2007/4184 | 2021-07-23 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069 | 2021-07-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Ie Search vendor "Microsoft" for product "Ie" | 5.x Search vendor "Microsoft" for product "Ie" and version "5.x" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Ie Search vendor "Microsoft" for product "Ie" | 6.0 Search vendor "Microsoft" for product "Ie" and version "6.0" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Ie Search vendor "Microsoft" for product "Ie" | 6.0 Search vendor "Microsoft" for product "Ie" and version "6.0" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 5 Search vendor "Microsoft" for product "Internet Explorer" and version "5" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 5.01 Search vendor "Microsoft" for product "Internet Explorer" and version "5.01" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 5.1 Search vendor "Microsoft" for product "Internet Explorer" and version "5.1" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 5.01 Search vendor "Microsoft" for product "Internet Explorer" and version "5.01" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 5.01 Search vendor "Microsoft" for product "Internet Explorer" and version "5.01" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 5.01 Search vendor "Microsoft" for product "Internet Explorer" and version "5.01" | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 5.01 Search vendor "Microsoft" for product "Internet Explorer" and version "5.01" | sp4 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 5.2.3 Search vendor "Microsoft" for product "Internet Explorer" and version "5.2.3" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 5.5 Search vendor "Microsoft" for product "Internet Explorer" and version "5.5" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 5.5 Search vendor "Microsoft" for product "Internet Explorer" and version "5.5" | preview |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 5.5 Search vendor "Microsoft" for product "Internet Explorer" and version "5.5" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 5.5 Search vendor "Microsoft" for product "Internet Explorer" and version "5.5" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6 Search vendor "Microsoft" for product "Internet Explorer" and version "6" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6 Search vendor "Microsoft" for product "Internet Explorer" and version "6" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6.0 Search vendor "Microsoft" for product "Internet Explorer" and version "6.0" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6.0.2600 Search vendor "Microsoft" for product "Internet Explorer" and version "6.0.2600" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6.0.2800 Search vendor "Microsoft" for product "Internet Explorer" and version "6.0.2800" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6.0.2800.1106 Search vendor "Microsoft" for product "Internet Explorer" and version "6.0.2800.1106" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6.0.2900 Search vendor "Microsoft" for product "Internet Explorer" and version "6.0.2900" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6.0.2900.2180 Search vendor "Microsoft" for product "Internet Explorer" and version "6.0.2900.2180" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 7 Search vendor "Microsoft" for product "Internet Explorer" and version "7" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 7.0 Search vendor "Microsoft" for product "Internet Explorer" and version "7.0" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 7.0 Search vendor "Microsoft" for product "Internet Explorer" and version "7.0" | beta |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 7.0 Search vendor "Microsoft" for product "Internet Explorer" and version "7.0" | beta1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 7.0 Search vendor "Microsoft" for product "Internet Explorer" and version "7.0" | beta2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 7.0 Search vendor "Microsoft" for product "Internet Explorer" and version "7.0" | beta3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 7.0.5730.11 Search vendor "Microsoft" for product "Internet Explorer" and version "7.0.5730.11" | - |
Affected
| ||||||