Vulnerability CVE-2007-0947 - CERT Civis.Net

Vulnerability Name:

CVE-2007-0947 (CCN-33256)

Assigned:

2007-05-08

Published:

2007-05-08

Updated:

2021-07-23

Summary:

Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.

CVSS v3 Severity:

9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2007-0947

Source: CCN
Type: SA23769
Internet Explorer Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
23769

Source: CCN
Type: Secunia Research 09/05/2007
Internet Explorer HTML Objects Memory Corruption Vulnerability

Source: MISC
Type: Patch, Vendor Advisory
http://secunia.com/secunia_research/2007-36/advisory/

Source: CCN
Type: SECTRACK ID: 1018019
Microsoft Internet Explorer Bugs Let Remote Users Modify Files or Execute Arbitrary Code

Source: CCN
Type: ASA-2007-182
MS07-027 Cumulative Security Update for Internet Explorer (931768)

Source: CCN
Type: Microsoft Security Bulletin MS07-027
Cumulative Security Update for Internet Explorer (931768)

Source: CCN
Type: Microsoft Security Bulletin MS07-033
Cumulative Security Update for Internet Explorer (933566)

Source: CCN
Type: Microsoft Security Bulletin MS07-045
Cumulative Security Update for Internet Explorer (937143)

Source: CCN
Type: Microsoft Security Bulletin MS07-057
Cumulative Security Update for Internet Explorer (939653)

Source: CCN
Type: Microsoft Security Bulletin MS07-069
Cumulative Security Update for Internet Explorer (942615)

Source: CCN
Type: Microsoft Security Bulletin MS08-010
Cumulative Security Update for Internet Explorer (944533)

Source: CCN
Type: Microsoft Security Bulletin MS08-024
Cumulative Security Update for Internet Explorer (947864)

Source: CCN
Type: Microsoft Security Bulletin MS08-031
Cumulative Security Update for Internet Explorer (950759)

Source: CCN
Type: Microsoft Security Bulletin MS08-045
Cumulative Security Update for Internet Explorer (953838)

Source: CCN
Type: Microsoft Security Bulletin MS08-058
Cumulative Security Update for Internet Explorer (956390)

Source: OSVDB
Type: UNKNOWN
34403

Source: CCN
Type: OSVDB ID: 34403
Microsoft IE HTML CMarkup Objects Unspecified Memory Corruption

Source: HP
Type: UNKNOWN
HPSBST02214

Source: BID
Type: Patch
23772

Source: CCN
Type: BID-23772
Microsoft Internet Explorer HTML Objects Script Errors Remote Code Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018019

Source: CERT
Type: US Government Resource
TA07-128A

Source: VUPEN
Type: Vendor Advisory
ADV-2007-1712

Source: MS
Type: UNKNOWN
MS07-027

Source: XF
Type: UNKNOWN
ie-html-memory-code-execution-variant(33256)

Source: XF
Type: UNKNOWN
ie-html-memory-code-execution-variant(33256)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:2048

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:*

AND

cpe:/a:microsoft:internet_explorer:6:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*

AND

cpe:/a:microsoft:internet_explorer:6:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*

AND

cpe:/a:microsoft:internet_explorer:6:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:*

AND

cpe:/a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*

OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:-::~~~~itanium~:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:-:*:x64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:2048	V	HTML Objects Memory Corruption Vulnerabilities	2014-03-17