Vulnerability in N/a
CVE-2007-3902
Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML…
EPSS: 0.608 (98.3th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- 26506 (vdb-entry, x_refsource_BID)
- 1019078 (vdb-entry, x_refsource_SECTRACK)
- 20071211 Microsoft Internet Explorer JavaScript setExpression Heap Corruption Vulnerability (x_refsource_IDEFENSE, third-party-advisory)
- SSRT071506 (x_refsource_HP, vendor-advisory)
- 28036 (x_refsource_SECUNIA, third-party-advisory)
- MS07-069 (x_refsource_MS, vendor-advisory)
- ADV-2007-4184 (vdb-entry, x_refsource_VUPEN)
- TA07-345A (x_refsource_CERT, third-party-advisory)
- 20071211 ZDI-07-073: Microsoft Internet Explorer setExpression Vulnerability (mailing-list, x_refsource_BUGTRAQ)
- www.zerodayinitiative.com/advisories/ZDI-07-073.html (x_refsource_MISC)