CVE-2007-3826Code Injection in Microsoft Internet Explorer

CWE-94Code Injection4 documents2 sources
Severity
9.3CRITICALNVD
NVD7.5
EPSS
67.4%
top 1.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedJul 17
Latest updateMay 1

Description

Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/internet_explorer27 versions+26

🔴Vulnerability Details

2
GHSA
GHSA-mjmq-m73w-2rj6: Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phish2022-05-01
GHSA
GHSA-xpp7-fcx9-3jh8: Microsoft Internet Explorer 52022-05-01
CVE-2007-3826 — Code Injection in Microsoft | cvebase