PT-2007-5128 · Microsoft · Internet Explorer

Published: 2007-12-11 · Updated: 2021-07-23 · CVE-2007-3902

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 through 7
Description: The issue is related to a use-after-free vulnerability in the CRecalcProperty function, allowing remote attackers to execute arbitrary code. This can be achieved by calling the setExpression method and then modifying the outerHTML property of an HTML element. The vulnerability exists due to Internet Explorer accessing an object that has not been correctly initialized or that has been deleted, which could be exploited by constructing a specially crafted Web page, potentially leading to remote code execution.
Recommendations: For Microsoft Internet Explorer versions 5.01 through 7, consider applying security patches or updates to fix the vulnerability. As a temporary workaround, restrict access to specially crafted Web pages to minimize the risk of exploitation. Avoid using the setExpression method in conjunction with modifying the outerHTML property of an HTML element until the issue is resolved.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2007-3902

Affected Products

Internet Explorer