QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2007-3091

Back to search

CVE-2007-3091

Published: Jun 6, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability."

VendorProductVersions

n/a

n/a

affected
n/a

References

ADV-2009-1538
vdb-entry
x_refsource_VUPEN
25564
third-party-advisory
x_refsource_SECUNIA
MS09-019
vendor-advisory
x_refsource_MS
24283
vdb-entry
x_refsource_BID
VU#471361
third-party-advisory
x_refsource_CERT-VN
1018192
vdb-entry
x_refsource_SECTRACK
20070604 Assorted browser vulnerabilities
mailing-list
x_refsource_FULLDISC
20070604 Assorted browser vulnerabilities
mailing-list
x_refsource_BUGTRAQ
54944
vdb-entry
x_refsource_OSVDB
38497
vdb-entry
x_refsource_OSVDB
ADV-2007-2064
vdb-entry
x_refsource_VUPEN
oval:org.mitre.oval:def:6041
vdb-entry
signature
x_refsource_OVAL
TA09-160A
third-party-advisory
x_refsource_CERT
2781
third-party-advisory
x_refsource_SREASON

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now