CVE-2007-3902 Information

Description

Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element one variant of \Uninitialized Memory Corruption Vulnerability.\

Reference

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631 http://secunia.com/advisories/28036 http://securitytracker.com/id?1019078 http://www.securityfocus.com/archive/1/484887/100/0/threaded http://www.securityfocus.com/archive/1/485268/100/0/threaded http://www.securityfocus.com/bid/26506 http://www.us-cert.gov/cas/techalerts/TA07-345A.html http://www.vupen.com/english/advisories/2007/4184 http://www.zerodayinitiative.com/advisories/ZDI-07-073.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069 https://exchange.xforce.ibmcloud.com/vulnerabilities/38713 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A4582