CVE-2009-1532

Опубликовано: 10 июн. 2009

Источник: nvd

CVSS3: 8.8

CVSS2: 9.3

EPSS Средний

Описание

Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via "malformed row property references" that trigger an access of an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Objects Memory Corruption Vulnerability" or "HTML Object Memory Corruption Vulnerability."

Ссылки

http://osvdb.org/54951
Broken Link
http://www.securityfocus.com/archive/1/504208/100/0/threaded
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1022350
Broken Link
Third Party Advisory
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA09-160A.html
Broken Link
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2009/1538
Broken Link
Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-09-041
Broken Link
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6244
Broken Link
http://osvdb.org/54951
Broken Link
http://www.securityfocus.com/archive/1/504208/100/0/threaded
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1022350
Broken Link
Third Party Advisory
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA09-160A.html
Broken Link
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2009/1538
Broken Link
Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-09-041
Broken Link
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6244
Broken Link

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:x64:*

cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:x86:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*

cpe:2.3:o:microsoft:windows_vista:-:-:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*

cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.59432

Средний

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-qmr8-gx65-85gx