CVE-2007-5344Code Injection in Microsoft IE

CWE-94Code Injection3 documents3 sources
Severity
6.8MEDIUMNVD
CNA9.3
EPSS
19.6%
top 4.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedDec 12
Latest updateMay 1

Description

Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

NVDmicrosoft/internet_explorer15 versions+14
NVDmicrosoft/ie5.x, 6.0+1

🔴Vulnerability Details

2
GHSA
GHSA-w772-rr97-rmmm: Microsoft Internet Explorer 52022-05-01
CVEList
CVE-2007-5344: Microsoft Internet Explorer 52007-12-12
CVE-2007-5344 — Code Injection in Microsoft IE | cvebase