CVE-2007-0942

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-0942
Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://secunia.com/advisories/23769 Vendor Advisory
http://www.osvdb.org/34399
http://www.securityfocus.com/archive/1/468871/100/200/threaded
http://www.securityfocus.com/archive/1/468871/100/200/threaded
http://www.securitytracker.com/id?1018019
http://www.us-cert.gov/cas/techalerts/TA07-128A.html US Government Resource
http://www.vupen.com/english/advisories/2007/1712 Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027
https://exchange.xforce.ibmcloud.com/vulnerabilities/33252
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1939
http://secunia.com/advisories/23769 Vendor Advisory
http://www.osvdb.org/34399
http://www.securityfocus.com/archive/1/468871/100/200/threaded
http://www.securityfocus.com/archive/1/468871/100/200/threaded
http://www.securitytracker.com/id?1018019
http://www.us-cert.gov/cas/techalerts/TA07-128A.html US Government Resource
http://www.vupen.com/english/advisories/2007/1712 Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027
https://exchange.xforce.ibmcloud.com/vulnerabilities/33252
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1939
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
OR cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
History

21 Nov 2024, 00:27

Type Values Removed Values Added
References () http://secunia.com/advisories/23769 - Vendor Advisory () http://secunia.com/advisories/23769 - Vendor Advisory
References () http://www.osvdb.org/34399 - () http://www.osvdb.org/34399 -
References () http://www.securityfocus.com/archive/1/468871/100/200/threaded - () http://www.securityfocus.com/archive/1/468871/100/200/threaded -
References () http://www.securitytracker.com/id?1018019 - () http://www.securitytracker.com/id?1018019 -
References () http://www.us-cert.gov/cas/techalerts/TA07-128A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA07-128A.html - US Government Resource
References () http://www.vupen.com/english/advisories/2007/1712 - Vendor Advisory () http://www.vupen.com/english/advisories/2007/1712 - Vendor Advisory
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027 - () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/33252 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/33252 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1939 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1939 -
Information

Published : 2007-05-08 23:19

Updated : 2024-11-21 00:27

NVD link : CVE-2007-0942

Mitre link : CVE-2007-0942

CVE.ORG link : CVE-2007-0942

JSON object : View

Products Affected

microsoft

  • windows_vista
  • windows_xp
  • windows_2000
  • windows_2003_server
  • internet_explorer
  • ie
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024