CVE-2007-3027

Published: Jun 12, 2007Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability."

Affected (4)

Products: Microsoft: Internet Explorer

1 product

Internet Explorer

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 5.01 sp4
Microsoft Internet Explorer	Version 6 sp1

Running on/with	Platform Versions
Microsoft Windows 2000	All versions

Configuration B

5 platform

Running on/with	Platform Versions
Microsoft Windows 2003 Server	Version sp1
Microsoft Windows 2003 Server	Version sp2
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

Configuration C

1 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 6

Running on/with	Platform Versions
Microsoft Windows 2003 Server	All versions
Microsoft Windows 2003 Server	All versions
Microsoft Windows 2003 Server	Version sp1
Microsoft Windows 2003 Server	Version sp2

Configuration D

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 7.0

Running on/with	Platform Versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions

References (24)

http://osvdb.org/35350

Source: secure@microsoft.com

http://secunia.com/advisories/25627

Source: secure@microsoft.com

http://securitytracker.com/id?1018235

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/471209/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/471947/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/bid/24429

Source: secure@microsoft.com

http://www.us-cert.gov/cas/techalerts/TA07-163A.html

Source: secure@microsoft.com

US Government Resource

http://www.vupen.com/english/advisories/2007/2153

Source: secure@microsoft.com

http://www.zerodayinitiative.com/advisories/ZDI-07-037.html

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033

Source: secure@microsoft.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/34621

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1902

Source: secure@microsoft.com

http://osvdb.org/35350

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/25627

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1018235

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/471209/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/471947/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/24429

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA07-163A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2007/2153

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.zerodayinitiative.com/advisories/ZDI-07-037.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/34621

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1902

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.