← Back

CVE-2007-5344

nvd nist
Published: Dec 12, 2007Modified: Apr 23, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability."

Affected (30)

Microsoft
2 products
Ie
Internet Explorer
Configuration A
30 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Ie
Version 5.x
Ie
Version 6.0 sp1
Ie
Version 6.0 sp2
Microsoft
Internet Explorer
Version 5.01
Internet Explorer
Version 5.01 sp1
Internet Explorer
Version 5.01 sp2
Internet Explorer
Version 5.01 sp3
Internet Explorer
Version 5.01 sp4
Internet Explorer
Version 5.1
Internet Explorer
Version 5.2.3
Internet Explorer
Version 5.5
Internet Explorer
Version 5.5 preview
Internet Explorer
Version 5.5 sp1
Internet Explorer
Version 5.5 sp2
Internet Explorer
Version 5
Internet Explorer
Version 6.0.2600
Internet Explorer
Version 6.0.2800.1106
Internet Explorer
Version 6.0.2800
Internet Explorer
Version 6.0.2900.2180
Internet Explorer
Version 6.0.2900
Internet Explorer
Version 6.0
Internet Explorer
Version 6
Internet Explorer
Version 6 sp1
Internet Explorer
Version 7.0.5730.11
Internet Explorer
Version 7.0
Internet Explorer
Version 7.0 beta1
Internet Explorer
Version 7.0 beta2
Internet Explorer
Version 7.0 beta3
Internet Explorer
Version 7.0 beta
Internet Explorer
Version 7

Related CWEs

CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (22)

Source: secure@microsoft.com
Vendor Advisory
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
US Government Resource
Source: secure@microsoft.com
Vendor Advisory
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.