Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka Uninitialized Memory Corruption Vulnerability.
Weakness
The product uses or accesses a resource that has not been initialized.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Internet_explorer | Microsoft | 5.01-sp4 (including) | 5.01-sp4 (including) |
| Internet_explorer | Microsoft | 6-sp1 (including) | 6-sp1 (including) |
Potential Mitigations
References
- http://osvdb.org/35351
- http://secunia.com/advisories/25627
- http://securitytracker.com/id?1018235
- http://www.securityfocus.com/archive/1/471210/100/0/threaded
- http://www.securityfocus.com/archive/1/471947/100/0/threaded
- http://www.securityfocus.com/bid/24418
- http://www.us-cert.gov/cas/techalerts/TA07-163A.html
- http://www.vupen.com/english/advisories/2007/2153
- http://www.zerodayinitiative.com/advisories/ZDI-07-038.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34626
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1978
- http://osvdb.org/35351
- http://secunia.com/advisories/25627
- http://securitytracker.com/id?1018235
- http://www.securityfocus.com/archive/1/471210/100/0/threaded
- http://www.securityfocus.com/archive/1/471947/100/0/threaded
- http://www.securityfocus.com/bid/24418
- http://www.us-cert.gov/cas/techalerts/TA07-163A.html
- http://www.vupen.com/english/advisories/2007/2153
- http://www.zerodayinitiative.com/advisories/ZDI-07-038.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34626
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1978