ID |
CVE-2007-0947
|
Summary |
Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
|
CVSS |
Base: | 9.3 (as of 23-07-2021 - 15:05) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-399 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
oval
via4
|
accepted | 2014-03-17T04:00:15.381-04:00 | class | vulnerability | contributors | name | Sudhir Gandhe | organization | Secure Elements, Inc. |
name | Robert L. Hollis | organization | ThreatGuard, Inc. |
name | Jeff Ito | organization | Secure Elements, Inc. |
name | Maria Mikhno | organization | ALTX-SOFT |
| definition_extensions | comment | Microsoft Windows 2000 SP4 or later is installed | oval | oval:org.mitre.oval:def:229 |
comment | Microsoft Internet Explorer 5.01 SP4 is installed | oval | oval:org.mitre.oval:def:325 |
comment | Microsoft Windows 2000 SP4 or later is installed | oval | oval:org.mitre.oval:def:229 |
comment | Microsoft Internet Explorer 6 is installed | oval | oval:org.mitre.oval:def:563 |
comment | Microsoft Windows XP SP2 or later is installed | oval | oval:org.mitre.oval:def:521 |
comment | Microsoft Internet Explorer 6 is installed | oval | oval:org.mitre.oval:def:563 |
comment | Microsoft Windows XP SP1 (64-bit) is installed | oval | oval:org.mitre.oval:def:480 |
comment | Microsoft Windows Server 2003 SP1 (x86) is installed | oval | oval:org.mitre.oval:def:565 |
comment | Microsoft Internet Explorer 6 is installed | oval | oval:org.mitre.oval:def:563 |
comment | Microsoft Windows XP SP2 or later is installed | oval | oval:org.mitre.oval:def:521 |
comment | Microsoft Windows Server 2003 SP2 (x86) is installed | oval | oval:org.mitre.oval:def:1935 |
comment | Microsoft Internet Explorer 6 is installed | oval | oval:org.mitre.oval:def:563 |
comment | Microsoft Windows XP SP2 or later is installed | oval | oval:org.mitre.oval:def:521 |
comment | Microsoft Internet Explorer 7 is installed | oval | oval:org.mitre.oval:def:627 |
comment | Microsoft Windows Server 2003 SP1 (x86) is installed | oval | oval:org.mitre.oval:def:565 |
comment | Microsoft Windows Server 2003 SP2 (x86) is installed | oval | oval:org.mitre.oval:def:1935 |
comment | Microsoft Windows Vista is installed | oval | oval:org.mitre.oval:def:228 |
| description | Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946. | family | windows | id | oval:org.mitre.oval:def:2048 | status | accepted | submitted | 2007-05-08T19:30:00 | title | HTML Objects Memory Corruption Vulnerabilities | version | 75 |
|
refmap
via4
|
|
Last major update |
23-07-2021 - 15:05 |
Published |
08-05-2007 - 23:19 |
Last modified |
23-07-2021 - 15:05 |