ID CVE-2007-5347
Summary Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.x:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 23-07-2021 - 15:06)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
oval via4
accepted 2014-02-24T04:03:18.466-05:00
class vulnerability
contributors
  • name Jeff Ito
    organization Secure Elements, Inc.
  • name Chandan S
    organization SecPod Technologies
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Windows Server 2003 SP1 for Itanium is installed
    oval oval:org.mitre.oval:def:1205
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Server 2003 SP2 (x64) is installed
    oval oval:org.mitre.oval:def:2161
  • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
    oval oval:org.mitre.oval:def:1442
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows XP SP1 (64-bit) is installed
    oval oval:org.mitre.oval:def:480
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
  • comment Microsoft Internet Explorer 7 is installed
    oval oval:org.mitre.oval:def:627
description Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."
family windows
id oval:org.mitre.oval:def:4332
status accepted
submitted 2007-12-12T14:22:00
title Uninitialized Memory Corruption Vulnerability
version 76
refmap via4
bid 26427
cert TA07-345A
hp
  • HPSBST02299
  • SSRT071506
sectrack 1019078
secunia 28036
vupen ADV-2007-4184
xf ie-dhtml-object-code-execution(38716)
Last major update 23-07-2021 - 15:06
Published 12-12-2007 - 00:46
Last modified 23-07-2021 - 15:06