ID CVE-2007-0947
Summary Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946. FrSIRT has noted the following: Multiple vulnerabilities have been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to take complete control of an affected system.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:7.0:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 16-10-2018 - 16:35)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2014-03-17T04:00:15.381-04:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Jeff Ito
    organization Secure Elements, Inc.
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Internet Explorer 5.01 SP4 is installed
    oval oval:org.mitre.oval:def:325
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows XP SP1 (64-bit) is installed
    oval oval:org.mitre.oval:def:480
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft Internet Explorer 7 is installed
    oval oval:org.mitre.oval:def:627
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Vista is installed
    oval oval:org.mitre.oval:def:228
description Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
family windows
id oval:org.mitre.oval:def:2048
status accepted
submitted 2007-05-08T19:30:00
title HTML Objects Memory Corruption Vulnerabilities
version 69
refmap via4
bid 23772
cert TA07-128A
hp
  • HPSBST02214
  • SSRT071422
misc http://secunia.com/secunia_research/2007-36/advisory/
ms MS07-027
osvdb 34403
sectrack 1018019
secunia 23769
vupen ADV-2007-1712
xf ie-html-memory-code-execution-variant(33256)
vulnerable_product via4
  • cpe:2.3:a:microsoft:ie:6:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:7.0:*:*:*:*:*:*:*
Last major update 16-10-2018 - 16:35
Published 08-05-2007 - 23:19
Back to Top