cvelistv5 - cve-2007-1751

CVE-2007-1751 (GCVE-0-2007-1751)

Vulnerability from cvelistv5 – Published: 2007-06-12 19:00 – Updated: 2024-08-07 13:06

Summary

Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://osvdb.org/35351	vdb-entryx_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.zerodayinitiative.com/advisories/ZDI-0…	x_refsource_MISC
	http://secunia.com/advisories/25627	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/471947/100…	vendor-advisoryx_refsource_HP
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/archive/1/471210/100…	mailing-listx_refsource_BUGTRAQ
	http://securitytracker.com/id?1018235	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/24418	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2007/2153	vdb-entryx_refsource_VUPEN
	http://www.us-cert.gov/cas/techalerts/TA07-163A.html	third-party-advisoryx_refsource_CERT
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securityfocus.com/archive/1/471947/100…	vendor-advisoryx_refsource_HP

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:06:26.394Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "35351",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/35351"
          },
          {
            "name": "ie-uninitialized-object-code-execution(34626)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34626"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-038.html"
          },
          {
            "name": "25627",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25627"
          },
          {
            "name": "SSRT071438",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:1978",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1978"
          },
          {
            "name": "20070612 ZDI-07-038: Microsoft Internet Explorer Prototype Dereference Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471210/100/0/threaded"
          },
          {
            "name": "1018235",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018235"
          },
          {
            "name": "24418",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24418"
          },
          {
            "name": "ADV-2007-2153",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2153"
          },
          {
            "name": "TA07-163A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
          },
          {
            "name": "MS07-033",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
          },
          {
            "name": "HPSBST02231",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka \"Uninitialized Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "35351",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/35351"
        },
        {
          "name": "ie-uninitialized-object-code-execution(34626)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34626"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-038.html"
        },
        {
          "name": "25627",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25627"
        },
        {
          "name": "SSRT071438",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:1978",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1978"
        },
        {
          "name": "20070612 ZDI-07-038: Microsoft Internet Explorer Prototype Dereference Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/471210/100/0/threaded"
        },
        {
          "name": "1018235",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018235"
        },
        {
          "name": "24418",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24418"
        },
        {
          "name": "ADV-2007-2153",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2153"
        },
        {
          "name": "TA07-163A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
        },
        {
          "name": "MS07-033",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
        },
        {
          "name": "HPSBST02231",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-1751",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka \"Uninitialized Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "35351",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/35351"
            },
            {
              "name": "ie-uninitialized-object-code-execution(34626)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34626"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-038.html",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-038.html"
            },
            {
              "name": "25627",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25627"
            },
            {
              "name": "SSRT071438",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:1978",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1978"
            },
            {
              "name": "20070612 ZDI-07-038: Microsoft Internet Explorer Prototype Dereference Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/471210/100/0/threaded"
            },
            {
              "name": "1018235",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018235"
            },
            {
              "name": "24418",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24418"
            },
            {
              "name": "ADV-2007-2153",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2153"
            },
            {
              "name": "TA07-163A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
            },
            {
              "name": "MS07-033",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
            },
            {
              "name": "HPSBST02231",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2007-1751",
    "datePublished": "2007-06-12T19:00:00",
    "dateReserved": "2007-03-29T00:00:00",
    "dateUpdated": "2024-08-07T13:06:26.394Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3F2A51E-2675-4993-B9C2-F2D176A92857\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D47247A3-7CD7-4D67-9D9B-A94A504DA1BE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"693D3C1C-E3E4-49DB-9A13-44ADDFF82507\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BC71FD8-D385-4507-BD14-B75FDD4C79E6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:-:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A0607E7-B416-4AF8-ADF6-6E503627DD29\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C0C7D2B-0AA5-4E82-B58B-2668A0EAC2E9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CAEEA81-5037-4B68-98D9-83AAEBC98E20\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka \\\"Uninitialized Memory Corruption Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Microsoft Internet Explorer versiones 5.01, 6 y 7 permite a los atacantes remotos ejecutar c\\u00f3digo arbitrario causando que Internet Explorer acceda a un objeto no inicializado o eliminado, relacionado con variables prototipo y celdas de tabla, tambi\\u00e9n se conoce como \\\"Uninitialized Memory Corruption Vulnerability\\\".\"}]",
      "id": "CVE-2007-1751",
      "lastModified": "2024-11-21T00:29:04.560",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-06-12T19:30:00.000",
      "references": "[{\"url\": \"http://osvdb.org/35351\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://secunia.com/advisories/25627\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1018235\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/471210/100/0/threaded\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/471947/100/0/threaded\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/471947/100/0/threaded\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/24418\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-163A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2153\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-07-038.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/34626\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1978\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Tool Signature\"]}, {\"url\": \"http://osvdb.org/35351\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://secunia.com/advisories/25627\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1018235\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/471210/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/471947/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/471947/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/24418\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA07-163A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2153\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-07-038.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/34626\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1978\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Tool Signature\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-908\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-1751\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2007-06-12T19:30:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka \\\"Uninitialized Memory Corruption Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Microsoft Internet Explorer versiones 5.01, 6 y 7 permite a los atacantes remotos ejecutar c\u00f3digo arbitrario causando que Internet Explorer acceda a un objeto no inicializado o eliminado, relacionado con variables prototipo y celdas de tabla, tambi\u00e9n se conoce como \\\"Uninitialized Memory Corruption Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-908\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3F2A51E-2675-4993-B9C2-F2D176A92857\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D47247A3-7CD7-4D67-9D9B-A94A504DA1BE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"693D3C1C-E3E4-49DB-9A13-44ADDFF82507\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BC71FD8-D385-4507-BD14-B75FDD4C79E6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A0607E7-B416-4AF8-ADF6-6E503627DD29\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C0C7D2B-0AA5-4E82-B58B-2668A0EAC2E9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CAEEA81-5037-4B68-98D9-83AAEBC98E20\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/35351\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/25627\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1018235\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/471210/100/0/threaded\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/471947/100/0/threaded\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/471947/100/0/threaded\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/24418\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-163A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2153\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-07-038.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34626\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1978\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Tool Signature\"]},{\"url\":\"http://osvdb.org/35351\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/25627\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1018235\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/471210/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/471947/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/471947/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/24418\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-163A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2153\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-07-038.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34626\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1978\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Tool Signature\"]}]}}"
  }
}

CERTA-2007-AVI-263

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été identifiées dans le navigateur Microsoft Internet Explorer. L'exploitation de l'une d'elles permettrait à une personne malveillante de tromper l'utilisateur, voire d'exécuter des commandes arbitraires sur son système vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans le navigateur Microsoft Internet Explorer. Parmi celles-ci :

le navigateur ne crée pas correctement les instances de certains objets COM (Component Object Model) pour les utiliser comme contrôles ActiveX. Cette vulnérabilité, exploitée par le biais d'une page Web spécialement construite, permet à la personne malveillante de lancer des commandes arbitraires sur le système, avec les mêmes droits que l'utilisateur connecté. Internet Explorer 7 n'est cependant pas affecté par cette vulnérabilité ;
le navigateur ne manipule pas correctement certaines balises de style CSS (Cascading Style Sheets). Une page spécialement construite pourrait donc corrompre la mémoire du système, et permettre l'exécution de code ;
le navigateur ne gère pas correctement l'installation de plusieurs paquets linguistiques, pouvant entraîner une situation de compétition (race condition). Cette dernière permettrait à une personne malveillante d'exécuter du code arbitraire sur le système ;
le navigateur chercherait à accéder à un objet qui n'a pas été initialisé, ou qui a été préalablement supprimé. Ce problème peut être exploité par une personne malveillante pour, comme les précédentes vulnérabilités, exécuter du code arbitraire sur le système vulnérable ;
le navigateur ne gère pas correctement les modifications de la page d'annulation (cancel page). Une personne malveillante pourrait donc tromper l'utilisateur en lui présentant une autre page spécialement construite ;
le navigateur ne manipule pas correctement certains objets ActiveX liés à Microsoft Speech, un moyen d'interagir avec la machine pour les applications vocales.

Solution

Se référer au bulletin de sécurité MS07-033 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Internet Explorer 7 sous Windows XP, Windows Server 2003 et Windows Vista.
Microsoft	Windows	Microsoft Internet Explorer 6 sous Windows XP et Windows Server 2003 ;
Microsoft	Windows	Microsoft Internet Explorer 5.01 et Internet Explorer 6 Service Pack 1 sous Windows 2000 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-033 du 12 juin 2007

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Internet Explorer 7 sous Windows XP, Windows Server 2003 et Windows Vista.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 6 sous Windows XP et Windows Server 2003 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 5.01 et Internet Explorer 6 Service Pack 1 sous Windows 2000 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur\nMicrosoft Internet Explorer. Parmi celles-ci :\n\n-   le navigateur ne cr\u00e9e pas correctement les instances de certains\n    objets COM (Component Object Model) pour les utiliser comme\n    contr\u00f4les ActiveX. Cette vuln\u00e9rabilit\u00e9, exploit\u00e9e par le biais d\u0027une\n    page Web sp\u00e9cialement construite, permet \u00e0 la personne malveillante\n    de lancer des commandes arbitraires sur le syst\u00e8me, avec les m\u00eames\n    droits que l\u0027utilisateur connect\u00e9. Internet Explorer 7 n\u0027est\n    cependant pas affect\u00e9 par cette vuln\u00e9rabilit\u00e9 ;\n-   le navigateur ne manipule pas correctement certaines balises de\n    style CSS (Cascading Style Sheets). Une page sp\u00e9cialement construite\n    pourrait donc corrompre la m\u00e9moire du syst\u00e8me, et permettre\n    l\u0027ex\u00e9cution de code ;\n-   le navigateur ne g\u00e8re pas correctement l\u0027installation de plusieurs\n    paquets linguistiques, pouvant entra\u00eener une situation de\n    comp\u00e9tition (race condition). Cette derni\u00e8re permettrait \u00e0 une\n    personne malveillante d\u0027ex\u00e9cuter du code arbitraire sur le syst\u00e8me ;\n-   le navigateur chercherait \u00e0 acc\u00e9der \u00e0 un objet qui n\u0027a pas \u00e9t\u00e9\n    initialis\u00e9, ou qui a \u00e9t\u00e9 pr\u00e9alablement supprim\u00e9. Ce probl\u00e8me peut\n    \u00eatre exploit\u00e9 par une personne malveillante pour, comme les\n    pr\u00e9c\u00e9dentes vuln\u00e9rabilit\u00e9s, ex\u00e9cuter du code arbitraire sur le\n    syst\u00e8me vuln\u00e9rable ;\n-   le navigateur ne g\u00e8re pas correctement les modifications de la page\n    d\u0027annulation (cancel page). Une personne malveillante pourrait donc\n    tromper l\u0027utilisateur en lui pr\u00e9sentant une autre page sp\u00e9cialement\n    construite ;\n-   le navigateur ne manipule pas correctement certains objets ActiveX\n    li\u00e9s \u00e0 Microsoft Speech, un moyen d\u0027interagir avec la machine pour\n    les applications vocales.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS07-033 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0218"
    },
    {
      "name": "CVE-2007-1750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1750"
    },
    {
      "name": "CVE-2007-1499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1499"
    },
    {
      "name": "CVE-2007-2222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2222"
    },
    {
      "name": "CVE-2007-1751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1751"
    },
    {
      "name": "CVE-2007-3027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3027"
    }
  ],
  "links": [],
  "reference": "CERTA-2007-AVI-263",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur\nMicrosoft Internet Explorer. L\u0027exploitation de l\u0027une d\u0027elles permettrait\n\u00e0 une personne malveillante de tromper l\u0027utilisateur, voire d\u0027ex\u00e9cuter\ndes commandes arbitraires sur son syst\u00e8me vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-033 du 12 juin 2007",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-033.mspx"
    }
  ]
}

CERTA-2007-AVI-263

Vulnerability from certfr_avis - Published: - Updated:

Description

Plusieurs vulnérabilités ont été identifiées dans le navigateur Microsoft Internet Explorer. Parmi celles-ci :

le navigateur ne crée pas correctement les instances de certains objets COM (Component Object Model) pour les utiliser comme contrôles ActiveX. Cette vulnérabilité, exploitée par le biais d'une page Web spécialement construite, permet à la personne malveillante de lancer des commandes arbitraires sur le système, avec les mêmes droits que l'utilisateur connecté. Internet Explorer 7 n'est cependant pas affecté par cette vulnérabilité ;
le navigateur ne manipule pas correctement certaines balises de style CSS (Cascading Style Sheets). Une page spécialement construite pourrait donc corrompre la mémoire du système, et permettre l'exécution de code ;
le navigateur ne gère pas correctement l'installation de plusieurs paquets linguistiques, pouvant entraîner une situation de compétition (race condition). Cette dernière permettrait à une personne malveillante d'exécuter du code arbitraire sur le système ;
le navigateur chercherait à accéder à un objet qui n'a pas été initialisé, ou qui a été préalablement supprimé. Ce problème peut être exploité par une personne malveillante pour, comme les précédentes vulnérabilités, exécuter du code arbitraire sur le système vulnérable ;
le navigateur ne gère pas correctement les modifications de la page d'annulation (cancel page). Une personne malveillante pourrait donc tromper l'utilisateur en lui présentant une autre page spécialement construite ;
le navigateur ne manipule pas correctement certains objets ActiveX liés à Microsoft Speech, un moyen d'interagir avec la machine pour les applications vocales.

Solution

Se référer au bulletin de sécurité MS07-033 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Internet Explorer 7 sous Windows XP, Windows Server 2003 et Windows Vista.
Microsoft	Windows	Microsoft Internet Explorer 6 sous Windows XP et Windows Server 2003 ;
Microsoft	Windows	Microsoft Internet Explorer 5.01 et Internet Explorer 6 Service Pack 1 sous Windows 2000 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-033 du 12 juin 2007

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Internet Explorer 7 sous Windows XP, Windows Server 2003 et Windows Vista.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 6 sous Windows XP et Windows Server 2003 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 5.01 et Internet Explorer 6 Service Pack 1 sous Windows 2000 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur\nMicrosoft Internet Explorer. Parmi celles-ci :\n\n-   le navigateur ne cr\u00e9e pas correctement les instances de certains\n    objets COM (Component Object Model) pour les utiliser comme\n    contr\u00f4les ActiveX. Cette vuln\u00e9rabilit\u00e9, exploit\u00e9e par le biais d\u0027une\n    page Web sp\u00e9cialement construite, permet \u00e0 la personne malveillante\n    de lancer des commandes arbitraires sur le syst\u00e8me, avec les m\u00eames\n    droits que l\u0027utilisateur connect\u00e9. Internet Explorer 7 n\u0027est\n    cependant pas affect\u00e9 par cette vuln\u00e9rabilit\u00e9 ;\n-   le navigateur ne manipule pas correctement certaines balises de\n    style CSS (Cascading Style Sheets). Une page sp\u00e9cialement construite\n    pourrait donc corrompre la m\u00e9moire du syst\u00e8me, et permettre\n    l\u0027ex\u00e9cution de code ;\n-   le navigateur ne g\u00e8re pas correctement l\u0027installation de plusieurs\n    paquets linguistiques, pouvant entra\u00eener une situation de\n    comp\u00e9tition (race condition). Cette derni\u00e8re permettrait \u00e0 une\n    personne malveillante d\u0027ex\u00e9cuter du code arbitraire sur le syst\u00e8me ;\n-   le navigateur chercherait \u00e0 acc\u00e9der \u00e0 un objet qui n\u0027a pas \u00e9t\u00e9\n    initialis\u00e9, ou qui a \u00e9t\u00e9 pr\u00e9alablement supprim\u00e9. Ce probl\u00e8me peut\n    \u00eatre exploit\u00e9 par une personne malveillante pour, comme les\n    pr\u00e9c\u00e9dentes vuln\u00e9rabilit\u00e9s, ex\u00e9cuter du code arbitraire sur le\n    syst\u00e8me vuln\u00e9rable ;\n-   le navigateur ne g\u00e8re pas correctement les modifications de la page\n    d\u0027annulation (cancel page). Une personne malveillante pourrait donc\n    tromper l\u0027utilisateur en lui pr\u00e9sentant une autre page sp\u00e9cialement\n    construite ;\n-   le navigateur ne manipule pas correctement certains objets ActiveX\n    li\u00e9s \u00e0 Microsoft Speech, un moyen d\u0027interagir avec la machine pour\n    les applications vocales.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS07-033 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0218"
    },
    {
      "name": "CVE-2007-1750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1750"
    },
    {
      "name": "CVE-2007-1499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1499"
    },
    {
      "name": "CVE-2007-2222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2222"
    },
    {
      "name": "CVE-2007-1751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1751"
    },
    {
      "name": "CVE-2007-3027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3027"
    }
  ],
  "links": [],
  "reference": "CERTA-2007-AVI-263",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur\nMicrosoft Internet Explorer. L\u0027exploitation de l\u0027une d\u0027elles permettrait\n\u00e0 une personne malveillante de tromper l\u0027utilisateur, voire d\u0027ex\u00e9cuter\ndes commandes arbitraires sur son syst\u00e8me vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-033 du 12 juin 2007",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-033.mspx"
    }
  ]
}

GHSA-33QV-5F33-PV7H

Vulnerability from github – Published: 2022-05-01 17:56 – Updated: 2022-05-01 17:56

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-1751"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-06-12T19:30:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka \"Uninitialized Memory Corruption Vulnerability.\"",
  "id": "GHSA-33qv-5f33-pv7h",
  "modified": "2022-05-01T17:56:44Z",
  "published": "2022-05-01T17:56:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1751"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34626"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1978"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/35351"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25627"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1018235"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/471210/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/24418"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2153"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-038.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2007-1751

Vulnerability from fkie_nvd - Published: 2007-06-12 19:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://osvdb.org/35351	Broken Link
secure@microsoft.com	http://secunia.com/advisories/25627	Broken Link, Vendor Advisory
secure@microsoft.com	http://securitytracker.com/id?1018235	Broken Link, Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securityfocus.com/archive/1/471210/100/0/threaded	Broken Link, Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securityfocus.com/archive/1/471947/100/0/threaded	Broken Link, Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securityfocus.com/bid/24418	Broken Link, Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA07-163A.html	Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2007/2153	Broken Link, Vendor Advisory
secure@microsoft.com	http://www.zerodayinitiative.com/advisories/ZDI-07-038.html	Third Party Advisory, VDB Entry
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033	Patch, Vendor Advisory
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/34626	Third Party Advisory, VDB Entry
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1978	Tool Signature
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/35351	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25627	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1018235	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/471210/100/0/threaded	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/471947/100/0/threaded	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24418	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA07-163A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2153	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-07-038.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/34626	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1978	Tool Signature

Impacted products

Vendor	Product	Version
microsoft	internet_explorer	5.01
microsoft	internet_explorer	6
microsoft	windows_2000	-
microsoft	internet_explorer	6
microsoft	internet_explorer	7.0
microsoft	windows_2003_server	-
microsoft	windows_2003_server	-
microsoft	windows_vista	-
microsoft	windows_xp	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
              "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BC71FD8-D385-4507-BD14-B75FDD4C79E6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2A0607E7-B416-4AF8-ADF6-6E503627DD29",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "3C0C7D2B-0AA5-4E82-B58B-2668A0EAC2E9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CAEEA81-5037-4B68-98D9-83AAEBC98E20",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka \"Uninitialized Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Internet Explorer versiones 5.01, 6 y 7 permite a los atacantes remotos ejecutar c\u00f3digo arbitrario causando que Internet Explorer acceda a un objeto no inicializado o eliminado, relacionado con variables prototipo y celdas de tabla, tambi\u00e9n se conoce como \"Uninitialized Memory Corruption Vulnerability\"."
    }
  ],
  "id": "CVE-2007-1751",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-06-12T19:30:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/35351"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25627"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1018235"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/471210/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/24418"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2153"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-038.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34626"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Tool Signature"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1978"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/35351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25627"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1018235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/471210/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/24418"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Tool Signature"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1978"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-908"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2007-1751

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-1751

Aliases

CVE-2007-1751

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-1751",
    "description": "Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka \"Uninitialized Memory Corruption Vulnerability.\"",
    "id": "GSD-2007-1751"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-1751"
      ],
      "details": "Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka \"Uninitialized Memory Corruption Vulnerability.\"",
      "id": "GSD-2007-1751",
      "modified": "2023-12-13T01:21:39.425958Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2007-1751",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka \"Uninitialized Memory Corruption Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "35351",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/35351"
          },
          {
            "name": "ie-uninitialized-object-code-execution(34626)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34626"
          },
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-038.html",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-038.html"
          },
          {
            "name": "25627",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25627"
          },
          {
            "name": "SSRT071438",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:1978",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1978"
          },
          {
            "name": "20070612 ZDI-07-038: Microsoft Internet Explorer Prototype Dereference Code Execution Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/471210/100/0/threaded"
          },
          {
            "name": "1018235",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1018235"
          },
          {
            "name": "24418",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/24418"
          },
          {
            "name": "ADV-2007-2153",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2153"
          },
          {
            "name": "TA07-163A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
          },
          {
            "name": "MS07-033",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
          },
          {
            "name": "HPSBST02231",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:-:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-1751"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka \"Uninitialized Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-908"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-038.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-038.html"
            },
            {
              "name": "TA07-163A",
              "refsource": "CERT",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
            },
            {
              "name": "24418",
              "refsource": "BID",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/24418"
            },
            {
              "name": "1018235",
              "refsource": "SECTRACK",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://securitytracker.com/id?1018235"
            },
            {
              "name": "25627",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/25627"
            },
            {
              "name": "ADV-2007-2153",
              "refsource": "VUPEN",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2153"
            },
            {
              "name": "35351",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://osvdb.org/35351"
            },
            {
              "name": "ie-uninitialized-object-code-execution(34626)",
              "refsource": "XF",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34626"
            },
            {
              "name": "oval:org.mitre.oval:def:1978",
              "refsource": "OVAL",
              "tags": [
                "Tool Signature"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1978"
            },
            {
              "name": "MS07-033",
              "refsource": "MS",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
            },
            {
              "name": "SSRT071438",
              "refsource": "HP",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            },
            {
              "name": "20070612 ZDI-07-038: Microsoft Internet Explorer Prototype Dereference Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/471210/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2022-02-28T16:50Z",
      "publishedDate": "2007-06-12T19:30Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-1751 (GCVE-0-2007-1751)

CERTA-2007-AVI-263

Description

Solution

CERTA-2007-AVI-263

Description

Solution

GHSA-33QV-5F33-PV7H

FKIE_CVE-2007-1751

GSD-2007-1751

Tags

Sightings

Nomenclature