Remote Code Execution Vulnerability in Internet Explorer by Microsoft
CVE-2007-0943

Currently unrated

Key Information:

Vendor: Microsoft
Status: Ie; Internet Explorer
Vendor: CVE Published:; 14 August 2007

Summary

A significant flaw in Internet Explorer versions 5.01 and 6 SP1 allows remote attackers to execute arbitrary code. This vulnerability arises from the mishandling of crafted Cascading Style Sheets (CSS) strings, leading to memory corruption scenarios. Specifically, it is related to the use of out-of-bounds pointers during the parsing process of CSS, which can be exploited to run malicious code on an affected system.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.us-cert.gov/cas/techalerts/TA07-226A.html

third-party-advisoryx_refsource_CERT

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

62% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 14, 2007
Vulnerability Reserved
Feb 14, 2007