PT-2007-2384 · Microsoft · Windows Vista+4

Published

2007-05-08

Updated

2021-07-23

CVE-2007-0947

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer 7 versions on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista

Description: The issue allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory. This could enable an attacker to take complete control of an affected system by constructing a specially crafted Web page. If a user viewed the Web page, these vulnerabilities could allow remote code execution.

Recommendations: For Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista, consider restricting access to certain HTML objects until a patch is available. As a temporary workaround, avoid using crafted HTML objects in Internet Explorer until the issue is resolved.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2007-0947

Affected Products

Internet Explorer

Internet Explorer 7

Windows Server 2003

Windows Vista

Windows Xp

PT-2007-2384 · Microsoft · Windows Vista+4

CVE-2007-0947

Weakness Enumeration

Related Identifiers

Affected Products

References · 15