CVE-2007-3902

Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631
http://www.zerodayinitiative.com/advisories/ZDI-07-073.html
http://www.securityfocus.com/bid/26506
http://securitytracker.com/id?1019078
http://secunia.com/advisories/28036	Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA07-345A.html	US Government Resource
http://www.vupen.com/english/advisories/2007/4184	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/38713
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4582
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069
http://www.securityfocus.com/archive/1/485268/100/0/threaded
http://www.securityfocus.com/archive/1/484887/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:internet_explorer:5:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.2.3:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.5:::::::*
	cpe:2.3:a:microsoft:internet_explorer:6.0.2600:::::::*
	cpe:2.3:a:microsoft:internet_explorer:6.0.2800:::::::*
	cpe:2.3:a:microsoft:internet_explorer:7.0:::::::*
	cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.01:sp2::::::
	cpe:2.3:a:microsoft:internet_explorer:5.01:sp3::::::
	cpe:2.3:a:microsoft:internet_explorer:5.5:sp2::::::
	cpe:2.3:a:microsoft:ie:5.x:::::::*
	cpe:2.3:a:microsoft:ie:6.0:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:6:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:5.01:sp4::::::
	cpe:2.3:a:microsoft:ie:6.0:sp2::::::
	cpe:2.3:a:microsoft:internet_explorer:7:::::::*
	cpe:2.3:a:microsoft:internet_explorer:6:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.01:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.01:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:5.1:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.5:preview::::::
	cpe:2.3:a:microsoft:internet_explorer:5.5:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:6.0:::::::*
	cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:::::::*
	cpe:2.3:a:microsoft:internet_explorer:6.0.2900:::::::*
	cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:::::::*
	cpe:2.3:a:microsoft:internet_explorer:7.0:beta::::::
	cpe:2.3:a:microsoft:internet_explorer:7.0:beta1::::::
	cpe:2.3:a:microsoft:internet_explorer:7.0:beta2::::::
	cpe:2.3:a:microsoft:internet_explorer:7.0:beta3::::::

Information

Published : 2007-12-11 16:46

Updated : 2021-07-23 08:06

NVD link : CVE-2007-3902

Mitre link : CVE-2007-3902

JSON object : View

CWE

CWE-399

Resource Management Errors

CWE-189

Numeric Errors

Products Affected

microsoft

internet_explorer
ie

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631", "name": "20071211 Microsoft Internet Explorer JavaScript setExpression Heap Corruption Vulnerability", "tags": [], "refsource": "IDEFENSE"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-073.html", "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-073.html", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/26506", "name": "26506", "tags": [], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1019078", "name": "1019078", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/28036", "name": "28036", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA07-345A.html", "name": "TA07-345A", "tags": ["US Government Resource"], "refsource": "CERT"}, {"url": "http://www.vupen.com/english/advisories/2007/4184", "name": "ADV-2007-4184", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38713", "name": "ie-uninit-object-code-execution(38713)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4582", "name": "oval:org.mitre.oval:def:4582", "tags": [], "refsource": "OVAL"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069", "name": "MS07-069", "tags": [], "refsource": "MS"}, {"url": "http://www.securityfocus.com/archive/1/485268/100/0/threaded", "name": "SSRT071506", "tags": [], "refsource": "HP"}, {"url": "http://www.securityfocus.com/archive/1/484887/100/0/threaded", "name": "20071211 ZDI-07-073: Microsoft Internet Explorer setExpression Vulnerability", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of \"Uninitialized Memory Corruption Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-189"}, {"lang": "en", "value": "CWE-399"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-3902", "ASSIGNER": "secure@microsoft.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2007-12-12T00:46Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:ie:5.x:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-07-23T15:06Z"}

9.3 /10