CVE-2007-3903

Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability."

Published: Dec 12, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-3903
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
microsoft / ie	6.0-sp1	6.0-sp1.x
microsoft / internet_explorer	6-sp1	6-sp1.x
microsoft / ie	6.0-sp2	6.0-sp2.x
microsoft / internet_explorer	7	7.x
microsoft / internet_explorer	6	6.x
microsoft / internet_explorer	6.0.2600	6.0.2600.x
microsoft / internet_explorer	6.0	6.0.x
microsoft / internet_explorer	6.0.2800	6.0.2800.x
microsoft / internet_explorer	6.0.2800.1106	6.0.2800.1106.x
microsoft / internet_explorer	6.0.2900	6.0.2900.x
microsoft / internet_explorer	6.0.2900.2180	6.0.2900.2180.x
microsoft / internet_explorer	7.0-beta	7.0-beta.x
microsoft / internet_explorer	7.0	7.0.x
microsoft / internet_explorer	7.0.5730.11	7.0.5730.11.x
microsoft / internet_explorer	7.0-beta1	7.0-beta1.x
microsoft / internet_explorer	7.0-beta2	7.0-beta2.x
microsoft / internet_explorer	7.0-beta3	7.0-beta3.x

Vulnerability Database

CVE-2007-3903