Memory Corruption Flaw in Microsoft Internet Explorer 6 and 7
CVE-2007-3903

Currently unrated

Key Information:

Vendor: Microsoft
Status: Ie; Internet Explorer
Vendor: CVE Published:; 12 December 2007

What is CVE-2007-3903?

A memory corruption vulnerability exists in Microsoft Internet Explorer 6 and 7, allowing remote attackers to execute arbitrary code. This exploit occurs when uninitialized or deleted objects are utilized in successive calls to JavaScript functions, specifically (1) cloneNode and (2) nodeValue. Attackers can leverage this flaw to manipulate web content, potentially compromising user systems.

References

http://securitytracker.com/id?1019078

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/archive/1/484888/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.zerodayinitiative.com/advisories/ZDI-07-074.html

x_refsource_MISC

EPSS Score

48% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 12, 2007
Vulnerability Reserved
Jul 19, 2007