9.3

CVE-2007-3902

Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."

Data is provided by the National Vulnerability Database (NVD)
MicrosoftIe Version5.x
MicrosoftIe Version6.0 Updatesp1
MicrosoftIe Version6.0 Updatesp2
MicrosoftInternet Explorer Version5.01
MicrosoftInternet Explorer Version5.1
MicrosoftInternet Explorer Version5.01 Updatesp1
MicrosoftInternet Explorer Version5.01 Updatesp2
MicrosoftInternet Explorer Version5.01 Updatesp3
MicrosoftInternet Explorer Version5.01 Updatesp4
MicrosoftInternet Explorer Version5.2.3
MicrosoftInternet Explorer Version5.5
MicrosoftInternet Explorer Version5.5 Updatepreview
MicrosoftInternet Explorer Version5.5 Updatesp1
MicrosoftInternet Explorer Version5.5 Updatesp2
MicrosoftInternet Explorer Version6 Updatesp1
MicrosoftInternet Explorer Version6.0
MicrosoftInternet Explorer Version6.0.2600
MicrosoftInternet Explorer Version6.0.2800
MicrosoftInternet Explorer Version6.0.2800.1106
MicrosoftInternet Explorer Version6.0.2900
MicrosoftInternet Explorer Version6.0.2900.2180
MicrosoftInternet Explorer Version7.0
MicrosoftInternet Explorer Version7.0 Updatebeta
MicrosoftInternet Explorer Version7.0 Updatebeta1
MicrosoftInternet Explorer Version7.0 Updatebeta2
MicrosoftInternet Explorer Version7.0 Updatebeta3
MicrosoftInternet Explorer Version7.0.5730.11
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 52.67% 0.977
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C