CVE-2007-1751

Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.zerodayinitiative.com/advisories/ZDI-07-038.html	Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA07-163A.html	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/24418	Broken Link Third Party Advisory VDB Entry
http://securitytracker.com/id?1018235	Broken Link Third Party Advisory VDB Entry
http://secunia.com/advisories/25627	Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2007/2153	Broken Link Vendor Advisory
http://osvdb.org/35351	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/34626	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1978	Tool Signature
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033	Patch Vendor Advisory
http://www.securityfocus.com/archive/1/471947/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/471210/100/0/threaded	Broken Link Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:microsoft:internet_explorer:5.01:sp4::::::
	cpe:2.3:a:microsoft:internet_explorer:6:sp1::::::

cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:microsoft:internet_explorer:6:::::::*
	cpe:2.3:a:microsoft:internet_explorer:7.0:::::::*

OR	cpe:2.3:o:microsoft:windows_2003_server:-:sp1::::::
	cpe:2.3:o:microsoft:windows_2003_server:-:sp2::::::
	cpe:2.3:o:microsoft:windows_vista:-:::::::*
	cpe:2.3:o:microsoft:windows_xp:-:sp2::::::

Information

Published : 2007-06-12 12:30

Updated : 2022-02-28 08:50

NVD link : CVE-2007-1751

Mitre link : CVE-2007-1751

JSON object : View

CWE

CWE-908

Use of Uninitialized Resource

Products Affected

microsoft

windows_2003_server
windows_vista
windows_xp
internet_explorer
windows_2000

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-038.html", "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-038.html", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html", "name": "TA07-163A", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT"}, {"url": "http://www.securityfocus.com/bid/24418", "name": "24418", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1018235", "name": "1018235", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/25627", "name": "25627", "tags": ["Broken Link", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2007/2153", "name": "ADV-2007-2153", "tags": ["Broken Link", "Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://osvdb.org/35351", "name": "35351", "tags": ["Broken Link"], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34626", "name": "ie-uninitialized-object-code-execution(34626)", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1978", "name": "oval:org.mitre.oval:def:1978", "tags": ["Tool Signature"], "refsource": "OVAL"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033", "name": "MS07-033", "tags": ["Patch", "Vendor Advisory"], "refsource": "MS"}, {"url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded", "name": "SSRT071438", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "refsource": "HP"}, {"url": "http://www.securityfocus.com/archive/1/471210/100/0/threaded", "name": "20070612 ZDI-07-038: Microsoft Internet Explorer Prototype Dereference Code Execution Vulnerability", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka \"Uninitialized Memory Corruption Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-908"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-1751", "ASSIGNER": "secure@microsoft.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2007-06-12T19:30Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-02-28T16:50Z"}

9.3 /10