ID CVE-2007-1751
Summary Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:-:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:-:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 28-02-2022 - 16:50)
Impact:
Exploitability:
CWE CWE-908
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2014-02-24T04:00:26.305-05:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Jeff Cockerill
    organization G2, Inc.
  • name Chandan S
    organization SecPod Technologies
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Internet Explorer 5.01 SP4 is installed
    oval oval:org.mitre.oval:def:325
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft Internet Explorer 7 is installed
    oval oval:org.mitre.oval:def:627
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Internet Explorer 7 is installed
    oval oval:org.mitre.oval:def:627
  • comment Microsoft Windows Vista is installed
    oval oval:org.mitre.oval:def:228
  • comment Microsoft Internet Explorer 7 is installed
    oval oval:org.mitre.oval:def:627
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
  • comment Microsoft Windows XP SP1 (64-bit) is installed
    oval oval:org.mitre.oval:def:480
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Internet Explorer 7 is installed
    oval oval:org.mitre.oval:def:627
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
description Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability."
family windows
id oval:org.mitre.oval:def:1978
status accepted
submitted 2007-06-13T08:22:59.000-04:00
title Uninitialized Memory Corruption Vulnerability
version 78
refmap via4
bid 24418
bugtraq 20070612 ZDI-07-038: Microsoft Internet Explorer Prototype Dereference Code Execution Vulnerability
cert TA07-163A
hp
  • HPSBST02231
  • SSRT071438
misc http://www.zerodayinitiative.com/advisories/ZDI-07-038.html
osvdb 35351
sectrack 1018235
secunia 25627
vupen ADV-2007-2153
xf ie-uninitialized-object-code-execution(34626)
Last major update 28-02-2022 - 16:50
Published 12-06-2007 - 19:30
Last modified 28-02-2022 - 16:50
Back to Top