CVE-2007-3902

Sažetak

Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."

Reference

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631
http://www.zerodayinitiative.com/advisories/ZDI-07-073.html
http://www.securityfocus.com/bid/26506
http://securitytracker.com/id?1019078
http://secunia.com/advisories/28036
http://www.us-cert.gov/cas/techalerts/TA07-345A.html
http://www.vupen.com/english/advisories/2007/4184
https://exchange.xforce.ibmcloud.com/vulnerabilities/38713
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4582
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069
http://www.securityfocus.com/archive/1/485268/100/0/threaded
http://www.securityfocus.com/archive/1/484887/100/0/threaded

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

23-07-2021 - 15:06

Objavljeno

12-12-2007 - 00:46