Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5344

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-5344
Last Modified 07 Mar 2011 12:00:00
Published 11 Dec 2007 07:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5344

Summary

Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability."

Vulnerable Systems

Application

  • Microsoft Ie 5

  • Microsoft Ie 5.01

  • Microsoft Ie 5.1

  • Microsoft Ie 5.2.3

  • Microsoft Ie 5.5

  • Microsoft Ie 5.x

  • Microsoft Ie 6

  • Microsoft Ie 6.0

  • Microsoft Ie 6.0.2600

  • Microsoft Ie 6.0.2800

  • Microsoft Ie 6.0.2800.1106

  • Microsoft Ie 6.0.2900

  • Microsoft Ie 6.0.2900.2180

  • Microsoft Ie 7

  • Microsoft Ie 7.0

  • Microsoft Ie 7.0.5730.11


References

CERT - TA07-345A

MS - MS07-069

XF - ie-element-code-execution(38715)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-07-075.html

VUPEN - ADV-2007-4184

BID - 26817

HP - HPSBST02299

HP - SSRT071506

BUGTRAQ - 20071211 ZDI-07-075: Microsoft Internet Explorer Element Tags Vulnerability

SECTRACK - 1019078

SECUNIA - 28036


Last Updated: 27 May 2016 10:46:08