Vulnerabilities > CVE-2007-3902 - Resource Management Errors vulnerability in Microsoft IE and Internet Explorer
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS07-069.NASL |
description | The remote host is missing the IE cumulative security update 942615. The remote version of IE is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 29313 |
published | 2007-12-11 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/29313 |
title | MS07-069: Cumulative Security Update for Internet Explorer (942615) |
code |
|
Oval
accepted | 2014-02-24T04:03:19.117-05:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
description | Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability." | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:4582 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
submitted | 2007-12-12T14:22:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
title | Uninitialized Memory Corruption Vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
version | 73 |
Seebug
bulletinFamily | exploit |
description | CVE ID:CVE-2007-3902 CNCVE ID:CNCVE-20073902 Microsoft Internet Explorer是一款流行的WEB浏览器。 Microsoft Internet Explorer处理CRecalcProperty函数存在内存破坏问题,远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 问题存在于mshtml.dll的CRecalcProperty函数中,当在调用setExpressio方法后渲染HTML,之后跟随编程化建立元素的outerHTML属性的修改,有问题代码会引用之前释放的内存地址而导致代码执行。 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 - Citrix ICA Client for Windows 4.0 SP6a - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server - Microsoft Windows 2000 Server - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services - Microsoft Windows 2000 Terminal Services - Microsoft Windows 98 - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6a + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition Itanium 0 + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition Itanium 0 + Microsoft Windows Server 2003 Enterprise Edition Itanium 0 + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows XP Home + Microsoft Windows XP Home + Microsoft Windows XP Professional + Microsoft Windows XP Professional Microsoft Internet Explorer 7.0 + Microsoft Windows Vista Ultimate + Microsoft Windows Vista Ultimate + Microsoft Windows Vista Ultimate + Microsoft Windows Vista Home Premium + Microsoft Windows Vista Home Premium + Microsoft Windows Vista Home Premium + Microsoft Windows Vista Home Basic + Microsoft Windows Vista Home Basic + Microsoft Windows Vista Home Basic + Microsoft Windows Vista Enterprise + Microsoft Windows Vista Enterprise + Microsoft Windows Vista Enterprise + Microsoft Windows Vista Business + Microsoft Windows Vista Business + Microsoft Windows Vista Business + Microsoft Windows Vista 0 + Microsoft Windows Vista 0 + Microsoft Windows Vista 0 + Microsoft Windows Vista 0 补丁安装: Microsoft Internet Explorer 6.0 SP1 Microsoft IE6.0sp1-KB942615-Windows2000-x86-ENU.exe <a href=http://www.microsoft.com/downloads/details.aspx?FamilyId=BC8EDF05-262A target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyId=BC8EDF05-262A</a> -4D1D-B196-4FC1A844970C&displaylang=en Microsoft WindowsXP-KB942615-x86-ENU.exe <a href=http://www.microsoft.com/downloads/details.aspx?FamilyId=6E4EBAFC-34C3 target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyId=6E4EBAFC-34C3</a> -4DC7-B712-152C611D3F0A&displaylang=en Microsoft Internet Explorer 6.0 Microsoft WindowsServer2003-KB942615-ia64-ENU.exe <a href=http://www.microsoft.com/downloads/details.aspx?FamilyId=B3F390A6-0361 target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyId=B3F390A6-0361</a> -4553-B627-5E7AD6BF5055&displaylang=en Microsoft WindowsServer2003-KB942615-x86-ENU.exe <a href=http://www.microsoft.com/downloads/details.aspx?FamilyId=BF466060-A585 target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyId=BF466060-A585</a> -4C2E-A48D-70E080C3BBE7&displaylang=en Microsoft WindowsServer2003.WindowsXP-KB942615-x64-ENU.exe <a href=http://www.microsoft.com/downloads/details.aspx?FamilyId=074697F2-18C8 target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyId=074697F2-18C8</a> -4521-BBF7-1D0E7395D27D&displaylang=en Microsoft WindowsServer2003.WindowsXP-KB942615-x64-ENU.exe <a href=http://www.microsoft.com/downloads/details.aspx?FamilyId=F5A5AF23-30FB target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyId=F5A5AF23-30FB</a> -4E47-94BD-3B05B55C92F2 Microsoft WindowsXP-KB942615-x86-ENU.exe <a href=http://www.microsoft.com/downloads/details.aspx?FamilyId=6E4EBAFC-34C3 target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyId=6E4EBAFC-34C3</a> -4DC7-B712-152C611D3F0A&displaylang=en |
id | SSV:2592 |
last seen | 2017-11-19 |
modified | 2007-12-13 |
published | 2007-12-13 |
reporter | Root |
title | Microsoft Internet Explorer setExpression远程代码漏洞 |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631
- http://www.zerodayinitiative.com/advisories/ZDI-07-073.html
- http://www.securityfocus.com/bid/26506
- http://securitytracker.com/id?1019078
- http://secunia.com/advisories/28036
- http://www.us-cert.gov/cas/techalerts/TA07-345A.html
- http://www.vupen.com/english/advisories/2007/4184
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38713
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4582
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069
- http://www.securityfocus.com/archive/1/485268/100/0/threaded
- http://www.securityfocus.com/archive/1/484887/100/0/threaded