Use-After-Free Vulnerability in Microsoft Internet Explorer
CVE-2007-3902

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Explorer; Ie
Vendor: CVE Published:; 12 December 2007

Summary

A use-after-free vulnerability exists in the CRecalcProperty function within mshtml.dll in specific versions of Microsoft Internet Explorer. This flaw enables remote attackers to execute arbitrary code by exploiting the setExpression method in combination with modifications to the outerHTML property of HTML elements. Proper handling of memory allocation is crucial to prevent unauthorized access and execution of sensitive code, potentially compromising user security.

References

http://www.securityfocus.com/bid/26506

vdb-entryx_refsource_BID

http://securitytracker.com/id?1019078

vdb-entryx_refsource_SECTRACK

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

EPSS Score

52% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 12, 2007
Vulnerability Reserved
Jul 19, 2007