First published: Wed Dec 12 2007(Updated: )
Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Internet Explorer | =5 | |
Microsoft Ie | =6.0-sp1 | |
Microsoft Internet Explorer | =6-sp1 | |
Microsoft Internet Explorer | =5.01-sp4 | |
Microsoft Ie | =5.x | |
Microsoft Ie | =6.0-sp2 | |
Microsoft Internet Explorer | =7 | |
Microsoft Internet Explorer | =6 | |
Microsoft Internet Explorer | =5.01 | |
Microsoft Internet Explorer | =5.01-sp3 | |
Microsoft Internet Explorer | =5.5-sp2 | |
Microsoft Internet Explorer | =5.5 | |
Microsoft Internet Explorer | =5.01-sp1 | |
Microsoft Internet Explorer | =5.01-sp2 | |
Microsoft Internet Explorer | =5.1 | |
Microsoft Internet Explorer | =5.2.3 | |
Microsoft Internet Explorer | =5.5-preview | |
Microsoft Internet Explorer | =5.5-sp1 | |
Microsoft Internet Explorer | =6.0.2600 | |
Microsoft Internet Explorer | =6.0 | |
Microsoft Internet Explorer | =6.0.2800 | |
Microsoft Internet Explorer | =6.0.2800.1106 | |
Microsoft Internet Explorer | =6.0.2900 | |
Microsoft Internet Explorer | =6.0.2900.2180 | |
Microsoft Internet Explorer | =7.0-beta | |
Microsoft Internet Explorer | =7.0 | |
Microsoft Internet Explorer | =7.0.5730.11 | |
Microsoft Internet Explorer | =7.0-beta1 | |
Microsoft Internet Explorer | =7.0-beta2 | |
Microsoft Internet Explorer | =7.0-beta3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.