CVE-2007-3902

high

Description

Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4582

https://exchange.xforce.ibmcloud.com/vulnerabilities/38713

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069

http://www.zerodayinitiative.com/advisories/ZDI-07-073.html

http://www.vupen.com/english/advisories/2007/4184

http://www.us-cert.gov/cas/techalerts/TA07-345A.html

http://www.securityfocus.com/bid/26506

http://www.securityfocus.com/archive/1/485268/100/0/threaded

http://www.securityfocus.com/archive/1/484887/100/0/threaded

http://securitytracker.com/id?1019078

http://secunia.com/advisories/28036

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631

Details

Source: Mitre, NVD

Published: 2007-12-12

Updated: 2021-07-23

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High