VYPR
Unrated severityNVD Advisory· Published Jun 6, 2007· Updated Jun 16, 2026

CVE-2007-3091

CVE-2007-3091

Description

Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

24
  • cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
    • (no CPE)range: 6, 7
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:sp1:*:x64:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*+ 4 more
    • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:*
  • Microsoft/Windows5 versions
    cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:-:-:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp2:professional:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*

Patches

Vulnerability mechanics

References

16

News mentions

0

No linked articles in our index yet.