CVE-2007-3903

Published: Dec 12, 2007Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability."

Affected (17)

Products: Microsoft: Ie, Internet Explorer

2 products

Internet Explorer

Configuration A

17 vulnerable

Vulnerable Software	Affected Versions
Microsoft Ie	Version 6.0 sp1
Microsoft Ie	Version 6.0 sp2
Microsoft Internet Explorer	Version 6.0.2600
Microsoft Internet Explorer	Version 6.0.2800.1106
Microsoft Internet Explorer	Version 6.0.2800
Microsoft Internet Explorer	Version 6.0.2900.2180
Microsoft Internet Explorer	Version 6.0.2900
Microsoft Internet Explorer	Version 6.0
Microsoft Internet Explorer	Version 6
Microsoft Internet Explorer	Version 6 sp1
Microsoft Internet Explorer	Version 7.0.5730.11
Microsoft Internet Explorer	Version 7.0
Microsoft Internet Explorer	Version 7.0 beta1
Microsoft Internet Explorer	Version 7.0 beta2
Microsoft Internet Explorer	Version 7.0 beta3
Microsoft Internet Explorer	Version 7.0 beta
Microsoft Internet Explorer	Version 7

Related CWEs

References (22)

http://secunia.com/advisories/28036

Source: secure@microsoft.com

Vendor Advisory

http://securitytracker.com/id?1019078

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/484888/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/485268/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/bid/26816

Source: secure@microsoft.com

http://www.us-cert.gov/cas/techalerts/TA07-345A.html

Source: secure@microsoft.com

US Government Resource

http://www.vupen.com/english/advisories/2007/4184

Source: secure@microsoft.com

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-07-074.html

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069

Source: secure@microsoft.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/38714

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4553

Source: secure@microsoft.com

http://secunia.com/advisories/28036

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1019078

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/484888/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/485268/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/26816

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA07-345A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2007/4184

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-07-074.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/38714

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4553

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.