6.8
CVE-2007-5344
- EPSS 23.32%
- Published 12.12.2007 00:46:00
- Last modified 09.04.2025 00:30:58
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability."
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Internet Explorer Version5
Microsoft ≫ Internet Explorer Version5.01
Microsoft ≫ Internet Explorer Version5.1
Microsoft ≫ Internet Explorer Version5.01 Updatesp1
Microsoft ≫ Internet Explorer Version5.01 Updatesp2
Microsoft ≫ Internet Explorer Version5.01 Updatesp3
Microsoft ≫ Internet Explorer Version5.01 Updatesp4
Microsoft ≫ Internet Explorer Version5.2.3
Microsoft ≫ Internet Explorer Version5.5
Microsoft ≫ Internet Explorer Version5.5 Updatepreview
Microsoft ≫ Internet Explorer Version5.5 Updatesp1
Microsoft ≫ Internet Explorer Version5.5 Updatesp2
Microsoft ≫ Internet Explorer Version6
Microsoft ≫ Internet Explorer Version6 Updatesp1
Microsoft ≫ Internet Explorer Version6.0
Microsoft ≫ Internet Explorer Version6.0.2600
Microsoft ≫ Internet Explorer Version6.0.2800
Microsoft ≫ Internet Explorer Version6.0.2800.1106
Microsoft ≫ Internet Explorer Version6.0.2900
Microsoft ≫ Internet Explorer Version6.0.2900.2180
Microsoft ≫ Internet Explorer Version7
Microsoft ≫ Internet Explorer Version7.0
Microsoft ≫ Internet Explorer Version7.0 Updatebeta
Microsoft ≫ Internet Explorer Version7.0 Updatebeta1
Microsoft ≫ Internet Explorer Version7.0 Updatebeta2
Microsoft ≫ Internet Explorer Version7.0 Updatebeta3
Microsoft ≫ Internet Explorer Version7.0.5730.11
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 23.32% | 0.957 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.