CVE-2007-0947 | Vulnerability Database | Aqua Security

Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two HTML Objects Memory Corruption Vulnerabilities and a different issue than CVE-2007-0946.

Affected Software

Name	Vendor	Start Version	End Version
Windows_2003_server	Microsoft	sp1 (including)	sp1 (including)
Windows_2003_server	Microsoft	sp2 (including)	sp2 (including)
Windows_vista	Microsoft	*	*
Windows_xp	Microsoft	*	*

References

http://secunia.com/advisories/23769
http://secunia.com/secunia_research/2007-36/advisory/
http://www.osvdb.org/34403
http://www.securityfocus.com/archive/1/468871/100/200/threaded
http://www.securityfocus.com/bid/23772
http://www.securitytracker.com/id?1018019
http://www.us-cert.gov/cas/techalerts/TA07-128A.html
http://www.vupen.com/english/advisories/2007/1712
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027
https://exchange.xforce.ibmcloud.com/vulnerabilities/33256
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2048

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-0947
CWE	https://cwe.mitre.org/data/definitions/399.html