Vulnerability Description
Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2003 Server | sp1 |
| Microsoft | Windows Vista | All versions |
| Microsoft | Windows Xp | All versions |
| Microsoft | Internet Explorer | 6 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/23769PatchVendor Advisory
- http://secunia.com/secunia_research/2007-36/advisory/PatchVendor Advisory
- http://www.osvdb.org/34403
- http://www.securityfocus.com/archive/1/468871/100/200/threaded
- http://www.securityfocus.com/bid/23772Patch
- http://www.securitytracker.com/id?1018019
- http://www.us-cert.gov/cas/techalerts/TA07-128A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2007/1712Vendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-02
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33256
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://secunia.com/advisories/23769PatchVendor Advisory
- http://secunia.com/secunia_research/2007-36/advisory/PatchVendor Advisory
- http://www.osvdb.org/34403
- http://www.securityfocus.com/archive/1/468871/100/200/threaded
FAQ
What is CVE-2007-0947?
CVE-2007-0947 is a vulnerability with a CVSS score of 9.3 (HIGH). Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML obj...
How severe is CVE-2007-0947?
CVE-2007-0947 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0947?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2003 Server, Microsoft Windows Vista, Microsoft Windows Xp, Microsoft Internet Explorer.