Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows allows remote attackers to execute arbitrary code via a large number of concurrent, asynchronous XMLHttpRequest calls, aka "HTML Object Memory Corruption Vulnerability."

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

• S9 – Sabotage of System/App

EPSS

Score: 0.68151
Percentile: 0.98505

CVSS Scoring

Affected Products

• cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
• cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*

← Back to Home