CVE-2007-5456Code Injection in Microsoft Internet Explorer

CWE-94Code Injection4 documents4 sources
Severity
7.5HIGHNVD
EPSS
10.6%
top 6.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedOct 14
Latest updateMay 1

Description

Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a '?' (question mark) followed by a non-.exe filename after the .exe filename, as demonstrated by (1) .txt, (2) .cda, (3) .log, (4) .dif, (5) .sol, (6) .htt, (7) .itpc, (8) .itms, (9) .dvr-ms, (10) .dib, (11) .asf, (12) .tif, and unspecified other extensions, a different issue than CVE-2004-1331. NOTE: this issue might not cros

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-47hh-2ggx-7r2j: Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary2022-05-01

📋Vendor Advisories

1
Red Hat
CVE-2007-0770: GraphicsMagick buffer overflow

💬Community

1
Bugzilla
CVE-2007-0770: GraphicsMagick buffer overflow2007-02-14
CVE-2007-5456 — Code Injection in Microsoft | cvebase