CVE-2007-5344 [Medium] | Code Injection in Ie

Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability."

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-04-08	26.54%	19.59%	-6.95%
2	2026-03-25	27.87%	26.54%	-1.33%
3	2026-03-02	—	27.87%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-04-08

26.54%

19.59%

-6.95%

2026-03-25

27.87%

26.54%

-1.33%

2026-03-02

—

27.87%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
6.8	2.0	MEDIUM	`AV:N/AC:M/Au:N/C:P/I:P/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:P) Partial availability impact.	8.6	6.4	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

6.8

2.0

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:P): Partial availability impact.

8.6

6.4

[email protected]

Affected software / configurations for CVE-2007-5344

Vendor	Product	Version	Raw CPE
microsoft	ie	5.x	cpe:2.3:a:microsoft:ie:5.x:::::::*
microsoft	ie	6.0	cpe:2.3:a:microsoft:ie:6.0:sp1::::::
microsoft	ie	6.0	cpe:2.3:a:microsoft:ie:6.0:sp2::::::
microsoft	internet_explorer	5	cpe:2.3:a:microsoft:internet_explorer:5:::::::*
microsoft	internet_explorer	5.01	cpe:2.3:a:microsoft:internet_explorer:5.01:::::::*
microsoft	internet_explorer	5.1	cpe:2.3:a:microsoft:internet_explorer:5.1:::::::*
microsoft	internet_explorer	5.01	cpe:2.3:a:microsoft:internet_explorer:5.01:sp1::::::
microsoft	internet_explorer	5.01	cpe:2.3:a:microsoft:internet_explorer:5.01:sp2::::::
microsoft	internet_explorer	5.01	cpe:2.3:a:microsoft:internet_explorer:5.01:sp3::::::
microsoft	internet_explorer	5.01	cpe:2.3:a:microsoft:internet_explorer:5.01:sp4::::::
microsoft	internet_explorer	5.2.3	cpe:2.3:a:microsoft:internet_explorer:5.2.3:::::::*
microsoft	internet_explorer	5.5	cpe:2.3:a:microsoft:internet_explorer:5.5:::::::*
microsoft	internet_explorer	5.5	cpe:2.3:a:microsoft:internet_explorer:5.5:preview::::::
microsoft	internet_explorer	5.5	cpe:2.3:a:microsoft:internet_explorer:5.5:sp1::::::
microsoft	internet_explorer	5.5	cpe:2.3:a:microsoft:internet_explorer:5.5:sp2::::::
microsoft	internet_explorer	6	cpe:2.3:a:microsoft:internet_explorer:6:::::::*
microsoft	internet_explorer	6	cpe:2.3:a:microsoft:internet_explorer:6:sp1::::::
microsoft	internet_explorer	6.0	cpe:2.3:a:microsoft:internet_explorer:6.0:::::::*
microsoft	internet_explorer	6.0.2600	cpe:2.3:a:microsoft:internet_explorer:6.0.2600:::::::*
microsoft	internet_explorer	6.0.2800	cpe:2.3:a:microsoft:internet_explorer:6.0.2800:::::::*
microsoft	internet_explorer	6.0.2800.1106	cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:::::::*
microsoft	internet_explorer	6.0.2900	cpe:2.3:a:microsoft:internet_explorer:6.0.2900:::::::*
microsoft	internet_explorer	6.0.2900.2180	cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:::::::*
microsoft	internet_explorer	7	cpe:2.3:a:microsoft:internet_explorer:7:::::::*
microsoft	internet_explorer	7.0	cpe:2.3:a:microsoft:internet_explorer:7.0:::::::*
microsoft	internet_explorer	7.0	cpe:2.3:a:microsoft:internet_explorer:7.0:beta::::::
microsoft	internet_explorer	7.0	cpe:2.3:a:microsoft:internet_explorer:7.0:beta1::::::
microsoft	internet_explorer	7.0	cpe:2.3:a:microsoft:internet_explorer:7.0:beta2::::::
microsoft	internet_explorer	7.0	cpe:2.3:a:microsoft:internet_explorer:7.0:beta3::::::
microsoft	internet_explorer	7.0.5730.11	cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:::::::*

References for CVE-2007-5344

URL	Tags
http://secunia.com/advisories/28036	Vendor Advisory
http://securitytracker.com/id?1019078
http://www.securityfocus.com/archive/1/484890/100/100/threaded
http://www.securityfocus.com/archive/1/485268/100/0/threaded
http://www.securityfocus.com/bid/26817
http://www.us-cert.gov/cas/techalerts/TA07-345A.html	US Government Resource
http://www.vupen.com/english/advisories/2007/4184	Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-07-075.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069
https://exchange.xforce.ibmcloud.com/vulnerabilities/38715
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4480

URL

CVE-2007-5344

Exploit prediction scoring system (EPSS) score for CVE-2007-5344

Common vulnerability scoring system (CVSS) metrics for CVE-2007-5344

Weakness enumeration for CVE-2007-5344

Affected software / configurations for CVE-2007-5344

References for CVE-2007-5344