Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."
Source: Microsoft Corporation
Max CVSS
6.8
EPSS Score
55.90%
Published
2007-12-12
Updated
2021-07-23
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability."
Source: Microsoft Corporation
Max CVSS
6.8
EPSS Score
82.18%
Published
2007-12-12
Updated
2021-07-23
Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability."
Source: Microsoft Corporation
Max CVSS
6.8
EPSS Score
82.01%
Published
2007-12-12
Updated
2021-07-23
Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
65.98%
Published
2007-12-12
Updated
2021-07-23
Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
73.97%
Published
2007-10-09
Updated
2018-10-30
Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
95.87%
Published
2007-10-09
Updated
2019-10-09
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error.
Source: Microsoft Corporation
Max CVSS
6.8
EPSS Score
76.10%
Published
2007-10-09
Updated
2021-07-23
Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
38.76%
Published
2007-08-14
Updated
2018-10-12
Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "ActiveX Object Memory Corruption Vulnerability."
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
78.69%
Published
2007-08-14
Updated
2021-07-23
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".
Source: Microsoft Corporation
Max CVSS
7.6
EPSS Score
73.63%
Published
2007-07-10
Updated
2018-10-12
Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
82.20%
Published
2007-07-10
Updated
2018-10-30
Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability."
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
81.89%
Published
2007-06-12
Updated
2021-07-23
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
96.37%
Published
2007-06-12
Updated
2021-07-23

CVE-2007-1765

Public exploit
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.
Source: MITRE
Max CVSS
9.3
EPSS Score
4.94%
Published
2007-03-30
Updated
2021-07-23
Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability."
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
96.56%
Published
2007-06-12
Updated
2022-02-28
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption.
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
82.49%
Published
2007-06-12
Updated
2021-07-23
Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
92.66%
Published
2007-05-08
Updated
2018-10-16
Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
Source: MITRE
Max CVSS
7.1
EPSS Score
86.48%
Published
2007-03-08
Updated
2017-10-11
Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.
Source: MITRE
Max CVSS
4.3
EPSS Score
92.46%
Published
2007-03-03
Updated
2018-10-16
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
Source: Microsoft Corporation
Max CVSS
6.8
EPSS Score
86.60%
Published
2007-05-08
Updated
2018-10-16
Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.
Source: Microsoft Corporation
Max CVSS
7.2
EPSS Score
0.05%
Published
2007-04-10
Updated
2018-10-16
Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
94.11%
Published
2007-04-10
Updated
2018-10-16
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger memory corruption.
Source: Microsoft Corporation
Max CVSS
6.8
EPSS Score
91.87%
Published
2007-04-10
Updated
2018-10-16
Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
82.49%
Published
2007-05-08
Updated
2018-10-16
Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
92.46%
Published
2007-05-08
Updated
2021-07-23
49 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!