9.3
CVE-2007-3902
- EPSS 35.51%
- Veröffentlicht 12.12.2007 00:46:00
- Zuletzt bearbeitet 16.06.2026 22:43:00
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Internet Explorer Version5
Microsoft ≫ Internet Explorer Version5.01
Microsoft ≫ Internet Explorer Version5.1
Microsoft ≫ Internet Explorer Version5.01 Updatesp1
Microsoft ≫ Internet Explorer Version5.01 Updatesp2
Microsoft ≫ Internet Explorer Version5.01 Updatesp3
Microsoft ≫ Internet Explorer Version5.01 Updatesp4
Microsoft ≫ Internet Explorer Version5.2.3
Microsoft ≫ Internet Explorer Version5.5
Microsoft ≫ Internet Explorer Version5.5 Updatepreview
Microsoft ≫ Internet Explorer Version5.5 Updatesp1
Microsoft ≫ Internet Explorer Version5.5 Updatesp2
Microsoft ≫ Internet Explorer Version6
Microsoft ≫ Internet Explorer Version6 Updatesp1
Microsoft ≫ Internet Explorer Version6.0
Microsoft ≫ Internet Explorer Version6.0.2600
Microsoft ≫ Internet Explorer Version6.0.2800
Microsoft ≫ Internet Explorer Version6.0.2800.1106
Microsoft ≫ Internet Explorer Version6.0.2900
Microsoft ≫ Internet Explorer Version6.0.2900.2180
Microsoft ≫ Internet Explorer Version7
Microsoft ≫ Internet Explorer Version7.0
Microsoft ≫ Internet Explorer Version7.0 Updatebeta
Microsoft ≫ Internet Explorer Version7.0 Updatebeta1
Microsoft ≫ Internet Explorer Version7.0 Updatebeta2
Microsoft ≫ Internet Explorer Version7.0 Updatebeta3
Microsoft ≫ Internet Explorer Version7.0.5730.11
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 35.51% | 0.982 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
http://www.securityfocus.com/archive/1/485268/100/0/threaded
http://www.us-cert.gov/cas/techalerts/TA07-345A.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631
http://secunia.com/advisories/28036
http://securitytracker.com/id?1019078
http://www.securityfocus.com/archive/1/484887/100/0/threaded
http://www.securityfocus.com/bid/26506
http://www.vupen.com/english/advisories/2007/4184
http://www.zerodayinitiative.com/advisories/ZDI-07-073.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069
https://exchange.xforce.ibmcloud.com/vulnerabilities/38713
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4582