Computer Security

CVE-2007-3902
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



CVECVE-2007-3902
StatusUNKNOWN
DescriptionUse-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."
SeverityHigh
CVSS score9,3
CVSS vector(AV:N/AC:M/Au:N/C:C/I:C/A:C)
PhaseASSIGNED (03.10.2011)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3902
ReferencesBID : 26506
 BUGTRAQ : 20071211 ZDI-07-073: Microsoft Internet Explorer setExpression Vulnerability
 CERT : TA07-345A
 HP : SSRT071506
 HP : SSRT071506
 IDEFENSE : 20071211 Microsoft Internet Explorer JavaScript setExpression Heap Corruption Vulnerability
 MISC : http://www.zerodayinitiative.com/advisories/ZDI-07...
 OVAL : oval:org.mitre.oval:def:4582
 SECTRACK : 1019078
 SECUNIA : 28036
 VUPEN : ADV-2007-4184
 XF : ie-uninit-object-code-execution(38713)
SecurityVulns:Microsoft Internet Explorer multiple security vulnerabilities
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server