CVE-2007-0947
published 2007-05-08CVE-2007-0947: Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to…
PriorityP348critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
31.96%
98.1th percentile
Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-p98c-q7fj-cjwq: Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attack
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2007-0947 [CRITICAL] GHSA-p98c-q7fj-cjwq: Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attack
Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
GHSA
GHSA-352r-wjp6-2638: Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2007-0946 [CRITICAL] GHSA-352r-wjp6-2638: Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers
Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/23769http://secunia.com/secunia_research/2007-36/advisory/http://www.osvdb.org/34403http://www.securityfocus.com/archive/1/468871/100/200/threadedhttp://www.securityfocus.com/bid/23772http://www.securitytracker.com/id?1018019http://www.us-cert.gov/cas/techalerts/TA07-128A.htmlhttp://www.vupen.com/english/advisories/2007/1712https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027https://exchange.xforce.ibmcloud.com/vulnerabilities/33256https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2048http://secunia.com/advisories/23769http://secunia.com/secunia_research/2007-36/advisory/http://www.osvdb.org/34403http://www.securityfocus.com/archive/1/468871/100/200/threadedhttp://www.securityfocus.com/bid/23772http://www.securitytracker.com/id?1018019http://www.us-cert.gov/cas/techalerts/TA07-128A.htmlhttp://www.vupen.com/english/advisories/2007/1712https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027https://exchange.xforce.ibmcloud.com/vulnerabilities/33256https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2048
2007-05-08
Published