CVE-2007-3903

Severity

68%

Complexity

86%

Confidentiality

106%

Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability."

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

Type

Microsoft

First reported 17 years ago

2007-12-12 00:46:00

Last updated 6 years ago

2018-10-15 21:32:00

Affected Software

Microsoft Internet Explorer 6

6

Microsoft Internet Explorer 6 Service Pack 1

6

Microsoft Internet Explorer 6.0

6.0

Microsoft Internet Explorer 6.0.2600

6.0.2600

Microsoft Internet Explorer 6.0.2800

6.0.2800

Microsoft Internet Explorer 6.0.2800.1106

6.0.2800.1106

Microsoft Internet Explorer 6.0.2900

6.0.2900

Microsoft Internet Explorer 6.0.2900.2180

6.0.2900.2180

Microsoft Internet Explorer 7

7

Microsoft Internet Explorer 7.0

7.0

Microsoft Internet Explorer 7.0 Beta

7.0

Microsoft ie 7.0_beta1

7.0

Microsoft ie 7.0_beta2

7.0

Microsoft ie 7.0_beta3

7.0

Microsoft Internet Explorer 7.0.5730.11

7.0.5730.11

References

28036

Vendor Advisory

1019078

20071211 ZDI-07-074: Microsoft Internet Explorer Node Manipulation Memory Corruption

SSRT071506

26816

TA07-345A

US Government Resource

ADV-2007-4184