CVE-2007-0942 — Microsoft IE vulnerability

3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
55.3%
top 1.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedMay 8
Latest updateMay 1

Description

Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

â–¶NVDmicrosoft/internet_explorer5.0.1, 6.0, 7.0+2
â–¶NVDmicrosoft/ie6.0

🔴Vulnerability Details

2
GHSA
GHSA-72fw-4xr8-m4vp: Microsoft Internet Explorer 5↗2022-05-01
â–¶
CVEList
CVE-2007-0942: Microsoft Internet Explorer 5↗2007-05-08
â–¶
CVE-2007-0942 — Microsoft IE vulnerability | cvebase