Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
Weaknesses in this category are related to improper management of system resources.
| Link | Tags |
|---|---|
| http://secunia.com/secunia_research/2007-36/advisory/ | patch vendor advisory |
| http://www.securityfocus.com/archive/1/468871/100/200/threaded | vendor advisory |
| http://www.vupen.com/english/advisories/2007/1712 | vdb entry vendor advisory |
| http://www.securitytracker.com/id?1018019 | vdb entry |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2048 | vdb entry signature |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027 | vendor advisory |
| http://secunia.com/advisories/23769 | third party advisory patch vendor advisory |
| http://www.securityfocus.com/bid/23772 | vdb entry patch |
| http://www.osvdb.org/34403 | vdb entry |
| http://www.us-cert.gov/cas/techalerts/TA07-128A.html | third party advisory us government resource |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/33256 | vdb entry |